Tag

Middleware

2 briefs RSS

Next.js Middleware Authorization Bypass via Dynamic Route Parameter Injection (CVE-2026-44574)

A vulnerability in Next.js (CVE-2026-44574) allows for authorization bypass in applications that use middleware to protect dynamic routes, enabling attackers to render protected content without proper authorization by crafting specific query parameters.

next +1 nextjs middleware authorization bypass CVE-2026-44574 cloud

2r 1t May 11, 2026

high advisory

@fastify/middie Middleware Bypass Vulnerability (CVE-2026-33804)

2 rules 1 TTP 1 CVE

A middleware bypass vulnerability (CVE-2026-33804) exists in @fastify/middie versions 9.3.1 and earlier when the deprecated Fastify ignoreDuplicateSlashes option is enabled, potentially allowing unauthorized access.

fastify middie middleware bypass cve-2026-33804 defense-evasion

2r 1t 1c Apr 16, 2026