Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

@fastify/middie

Source -

CNA

BOS Name -

N/A

CNA CVEs -

1

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated ProductsRelated AssignersReports
1Vulnerabilities found
CVE-2026-2880
Assigner-ce714d77-add3-4f53-aff5-83d477b104bb
ShareView Details
Assigner-ce714d77-add3-4f53-aff5-83d477b104bb
CVSS Score-8.2||HIGH
EPSS-Not Assigned
Published-27 Feb, 2026 | 18:25
Updated-27 Feb, 2026 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
@fastify/middie has an improper path normalization vulnerability

A vulnerability in @fastify/middie versions < 9.2.0 can result in authentication/authorization bypass when using path-scoped middleware (for example, app.use('/secret', auth)). When Fastify router normalization options are enabled (such as ignoreDuplicateSlashes, useSemicolonDelimiter, and related trailing-slash behavior), crafted request paths may bypass middleware checks while still being routed to protected handlers.

Action-Not Available
Vendor-@fastify/middie
Product-@fastify/middie
CWE ID-CWE-20
Improper Input Validation