h3 has a middleware bypass with one gadget
Description
H3 is a minimal H(TTP) framework. Versions 2.0.0-0 through 2.0.1-rc.14 contain a Host header spoofing vulnerability in the NodeRequestUrl (which extends FastURL) which allows middleware bypass. When event.url, event.url.hostname, or event.url._url is accessed, such as in a logging middleware, the _url getter constructs a URL from untrusted data, including the user-controlled Host header. Because H3's router resolves the route handler before middleware runs, an attacker can supply a crafted Host header (e.g., Host: localhost:3000/abchehe?) to make the middleware path check fail while the route handler still matches, effectively bypassing authentication or authorization middleware. This affects any application built on H3 (including Nitro/Nuxt) that accesses event.url properties in middleware guarding sensitive routes. The issue requires an immediate fix to prevent FastURL.href from being constructed with unsanitized, attacker-controlled input. Version 2.0.1-rc.15 contains a patch for this issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
H3 framework before 2.0.1-rc.15 has a Host header spoofing vulnerability that can bypass middleware by using a crafted Host to manipulate URL construction.
Vulnerability Overview
The vulnerability resides in H3's NodeRequestUrl class, which extends FastURL. When properties like event.url, event.url.hostname, or event.url._url are accessed, the _url getter constructs a URL object from this.href, which itself is built from untrusted components including the user-controlled Host header.[1][2] This allows an attacker to inject arbitrary path segments or query parameters into the URL by sending a specially crafted Host header, such as Host: localhost:3000/abchehe?.
Attack Vector and Exploitation
H3's router resolves the route handler before middleware runs. If middleware accesses event.url properties (e.g., for logging or path checks), the malicious Host header causes the constructed URL to report a different path than the route the router actually matched.[2] The middleware may inspect that path and allow the request, while the route handler still matches the intended sensitive endpoint. No authentication is required; the attacker only needs to control the Host header in the HTTP request.
Impact
Successful exploitation allows an attacker to bypass authentication or authorization middleware that relies on URL inspection. This can lead to unauthorized access to sensitive routes, such as /internal/run in the example, where an internal key check is performed but is never reached because the middleware mistakenly passes the request.[2] Any application built on H3, including those using Nitro or Nuxt, that uses event.url in middleware guarding sensitive routes is affected.
Mitigation
The vulnerability is fixed in version 2.0.1-rc.15.[1] Users should upgrade to this version or later. There is no indication of a workaround; immediate patching is recommended.
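As an added illustration that is not code from the h3 project or from this advisory, the Node script below reproduces the URL-construction pattern described above in a few lines and shows the two checks a middleware author can apply before trusting a parsed URL: validating the Host header against a hostname allowlist, and confirming that the raw request path agrees with the pathname obtained by parsing an absolute URL built from that Host header. All function names, the regular expression and the sample requests are constructed for this example.

```javascript
// Added example, not h3 code. Demonstrates how an absolute URL assembled from an
// unvalidated Host header shifts the parsed pathname, and how to validate the
// Host header before a middleware relies on the parsed URL.

// Build the absolute URL the way the advisory describes: untrusted Host header
// plus the raw request target, parsed with the WHATWG URL parser.
function pathSeenThroughHost(hostHeader, rawTarget) {
  return new URL(`http://${hostHeader}${rawTarget}`).pathname;
}

// Strict syntax for a Host header value: hostname characters (letters, digits,
// '-' and '.') with an optional numeric port. Bracketed IPv6 literals are not
// covered by this simplified pattern (an assumption made for the example).
const HOST_SYNTAX = /^[a-z0-9.-]+(?::\d{1,5})?$/i;

// A Host header is trusted only if it is well formed AND its hostname is one the
// application is actually served on (allowlist supplied by the deployment).
function isTrustedHost(hostHeader, allowedHostnames) {
  if (typeof hostHeader !== 'string' || !HOST_SYNTAX.test(hostHeader)) return false;
  const hostname = hostHeader.split(':')[0].toLowerCase();
  return allowedHostnames.includes(hostname);
}

// Guard decision for a protected path prefix. Returns a short string so the
// outcome can be checked; a real middleware would answer 400/403 instead.
function guardDecision(hostHeader, rawTarget, protectedPrefix, allowedHostnames) {
  if (!isTrustedHost(hostHeader, allowedHostnames)) return 'reject:bad-host';
  const rawPath = rawTarget.split('?')[0];
  const parsedPath = pathSeenThroughHost(hostHeader, rawTarget);
  // Defense in depth: if the router's view of the path and the parsed URL's view
  // disagree (dot segments, injected query, etc.), do not trust either of them.
  if (parsedPath !== rawPath) return 'reject:path-mismatch';
  if (rawPath.startsWith(protectedPrefix)) return 'require-auth';
  return 'allow';
}

// Constructed sample requests showing the possible outcomes.
const ALLOWED_HOSTNAMES = ['localhost', 'app.example.test'];
const samples = [
  ['localhost:3000', '/internal/run'],        // protected path, valid Host
  ['localhost:3000', '/public'],              // public path, valid Host
  ['localhost:3000/abchehe?', '/internal/run'], // crafted Host from the advisory
  ['localhost', '/internal/../run'],          // raw and parsed paths disagree
];
for (const [host, target] of samples) {
  console.log(`${host} ${target} -> ${guardDecision(host, target, '/internal', ALLOWED_HOSTNAMES)}`);
}
```

The crafted Host value never reaches URL construction because it fails the syntax check first; the path-mismatch check is a second line of defense for cases where the Host is acceptable but the parser normalizes the path (for example dot segments) so that the middleware and the router would otherwise disagree on what was requested.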
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| h3 (npm) | >= 2.0.0-0, < 2.0.1-rc.15 | 2.0.1-rc.15 |
Affected products
- h3js/h3 v5, range: >= 2.0.0-0, < 2.0.1-rc.15
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- github.com/advisories/GHSA-3vj8-jmxq-cgj5 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2026-33131 (ghsa, ADVISORY)
- github.com/h3js/h3/security/advisories/GHSA-3vj8-jmxq-cgj5 (ghsa, x_refsource_CONFIRM, WEB)
News mentions
No linked articles in our index yet.