VYPR

Fastify\/express

by Fastify

Source repositories

CVEs (2)

  • CVE-2026-33808CriApr 15, 2026
    risk 0.52cvss 9.1epss 0.00

    Impact@fastify/express v4.0.4 and earlier fails to normalize URLs before passing them to Express middleware when Fastify router normalization options are enabled. This allows complete bypass of path-scoped authentication middleware via duplicate slashes when…

  • CVE-2026-33807CriApr 15, 2026
    risk 0.52cvss 9.1epss 0.00

    @fastify/express v4.0.4 and earlier contains a path handling bug in the onRegister function that causes middleware paths to be doubled when inherited by child plugins. When a child plugin is registered with a prefix that matches a middleware path, the middleware path is prefixed…