CVE-2026-6322

🗓️ 05 May 2026 11:16:00Reported by ubuntu.comType

ubuntucve

ubuntucve🔗 ubuntu.com👁 3 Views

CVE-2026-6322: fast-uri normalize() decodes percent encoded authority delimiters.

Reporter	Title	Published	Views	Family All 56
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Aspera Faspex	16 Jun 202616:51	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container operator and operands are vulnerable to loss of confidentiality and denial of service due to multiple CVEs	1 Jun 202609:22	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to Node.js modules fast-uri and protobufjs (CVE-2026-6322, CVE-2026-45740 & CVE-2026-6321)	16 Jun 202610:55	–	ibm
ATTACKERKB	CVE-2026-6322	5 May 202610:29	–	attackerkb
Chainguard	CVE-2026-6322 vulnerabilities	10 May 202601:17	–	cgr
Circl	CVE-2026-6322	5 May 202610:33	–	circl
CNNVD	fast-uri 安全漏洞	5 May 202600:00	–	cnnvd
CVE	CVE-2026-6322	5 May 202610:29	–	cve
Cvelist	CVE-2026-6322 fast-uri vulnerable to host confusion via percent-encoded authority delimiters	5 May 202610:29	–	cvelist
Debian CVE	CVE-2026-6322	5 May 202610:29	–	debiancve

OS	OS Version	Architecture	Package	Package Version	Filename
Ubuntu	18.04	any	node-ajv	0	node-ajv_0_any.deb
Ubuntu	20.04	any	node-ajv	0	node-ajv_0_any.deb
Ubuntu	22.04	any	node-ajv	0	node-ajv_0_any.deb
Ubuntu	24.04	any	node-ajv	0	node-ajv_0_any.deb
Ubuntu	25.10	any	node-ajv	0	node-ajv_0_any.deb
Ubuntu	26.04	any	node-ajv	0	node-ajv_0_any.deb

Source	Link
cve	www.cve.org/CVERecord
github	www.github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc
github	www.github.com/fastify/fast-uri/commit/6c86c17c3d76fb93aa3700ec6c0fa00faeb97293%20(v3.1.2)

14 May 2026 07:51Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.17.5

EPSS0.00277

SSVC

fast uri normalize function percent encoding authority delimiters security vulnerability