B3NCLOUD ARTICLE INTELLIGENCE

ARTICLEVIEW

Zurück zu News

CVE-2026-14198 - @fastify/middie vulnerable to authorization bypass via encoded slash in path parameter values

CVE ID :CVE-2026-14198 Published : July 1, 2026, 11:29 a.m. | 1 hour, 43 minutes ago Description :@fastify/middie versions 9.1.0 through 9.3.2 decode the encoded slash %2F inside path parameter values before matching middleware paths, while Fastify's underlying router preserves the encoding...

Original-Artikel öffnen Zurück zur Übersicht