All 3 CVE vulnerabilities found in @fastify/express, with AI-generated Chinese analysis, references, and POCs.
Vendor: fastify
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-6556 | @fastify/express vulnerable to middleware bypass via non-string mount paths in prefixed plugins CWE-285 | 9.1 | Critical | 2026-06-30 |
| CVE-2026-33807 | @fastify/express vulnerable to middleware path doubling causing authentication bypass in child plugin scopes CWE-436 | 9.1 | Critical | 2026-04-15 |
| CVE-2026-33808 | @fastify/express vulnerable to middleware authentication bypass via URL normalization gaps (duplicate slashes and semicolons) CWE-436 | 9.1 | - | 2026-04-15 |
All 3 known CVE vulnerabilities affecting @fastify/express with full Chinese analysis, references, and POCs where available.