VYPR
Medium severity5.3NVD Advisory· Published Mar 20, 2026· Updated Jun 3, 2026

CVE-2026-33221

CVE-2026-33221

Description

Nhost is an open source Firebase alternative with GraphQL. Prior to version 0.12.0, the storage service's file upload handler trusts the client-provided Content-Type header without performing server-side MIME type detection. This allows an attacker to upload files with an arbitrary MIME type, bypassing any MIME-type-based restrictions configured on storage buckets. This issue has been patched in version 0.12.0.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/nhost/nhostGo
< 0.0.0-20260318074820-c4bd53f042d70.0.0-20260318074820-c4bd53f042d7

Affected products

4

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.