Tag

Fastify

3 briefs RSS

@fastify/middie Middleware Bypass Vulnerability (CVE-2026-33804)

A middleware bypass vulnerability (CVE-2026-33804) exists in @fastify/middie versions 9.3.1 and earlier when the deprecated Fastify ignoreDuplicateSlashes option is enabled, potentially allowing unauthorized access.

fastify middie middleware bypass cve-2026-33804 defense-evasion

2r 1t 1c 2w ago

critical advisory

Fastify Proxy Header Stripping Vulnerability

2 rules 2 TTPs

The `@fastify/reply-from` and `@fastify/http-proxy` libraries process the client's `Connection` header after adding headers, allowing attackers to strip proxy-added headers via the `Connection` header, leading to potential bypass of security controls.

fastify header stripping proxy vulnerability

2r 2t 2w ago

high advisory

Fastify Body Schema Validation Bypass via Leading Space in Content-Type Header

2 rules 1 TTP 2 CVEs

Fastify v5.x is vulnerable to a body schema validation bypass, allowing attackers to circumvent request body validation by prepending a single space to the Content-Type header, potentially compromising data integrity and security constraints.

fastify validation-bypass webserver

2r 1t 2c 2w ago