Critical severity9.8NVD Advisory· Published Feb 27, 2026· Updated Apr 14, 2026
CVE-2026-2293
CVE-2026-2293
Description
A NestJS application using @nestjs/platform-fastify can allow bypass of authentication/authorization middleware when Fastify path-normalization options are enabled.
This issue affects nest.Js: 11.1.13.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
@nestjs/platform-fastifynpm | < 11.1.14 | 11.1.14 |
Affected products
2Patches
Vulnerability mechanics
References
6- fluidattacks.com/advisories/netonnvdThird Party AdvisoryExploitWEB
- github.com/advisories/GHSA-r4wm-x892-vjmxghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-2293ghsaADVISORY
- github.com/nestjs/nest/commit/fd8d073e0e048b185147209338ca7042e52c10baghsaWEB
- github.com/nestjs/nest/releases/tag/v11.1.14nvdRelease NotesWEB
- github.com/nestjs/nest/security/advisories/GHSA-r4wm-x892-vjmxghsaWEB
News mentions
0No linked articles in our index yet.