Vulnerabilities

CVE-2026-22031 - Fastify Middie Middleware Path Bypass

2026-01-19 0 views admin

CVE ID : CVE-2026-22031 Published : Jan. 19, 2026, 3:24 p.m. | 41 minutes ago Description : @fastify/middie is the plugin that adds middleware support on steroids to Fastify. A security vulnerability exists in @fastify/middie prior to version 9.1.0 where middleware registered with a specific path prefix can be bypassed using URL-encoded characters (e.g., `/%61dmin` instead of `/admin`). While the middleware engine fails to match the encoded path and skips execution, the underlying Fastify router correctly decodes the path and matches the route handler, allowing attackers to access protected endpoints without the middleware constraints. Version 9.1.0 fixes the issue. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2026-22031

Published

Jan. 19, 2026

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2026-22031

CVE-2026-22031 - Fastify Middie Middleware Path Bypass

CVE Details

🏷️ Tags

More from Vulnerabilities

CVE-2026-1161 - pbrong hrms recruitment.go UpdateRecruitmentById cross site scripting

CVE-2026-23533 - FreeRDP has heap-buffer-overflow in clear_decompress_residual_data

CVE-2026-23534 - FreeRDP has heap-buffer-overflow in clear_decompress_bands_data

CVE-2026-23732 - FreeRDP has heap-buffer-overflow in Glyph_Alloc

Trending

Tech: Go-legacy-winxp: Compile Golang 1.24 code for Windows XP

Tech: Data is the only moat

Tech: Pocket TTS: A high quality TTS that gives your CPU a voice

Tech: AWS European Sovereign Cloud

Tech: JuiceFS is a distributed POSIX file system built on top of Redis and S3