VIR Vulnerability Intelligence Relay

Package impact

npm npm / @fastify/express

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-33808 unknown 1mo ago @fastify/express has a middleware authentication bypass via URL normalization gaps (duplicate slashes and semicolons)
CVE-2026-33807 unknown 1mo ago @fastify/express's middleware path doubling causes authentication bypass in child plugin scopes
CVE-2026-22037 unknown 4mo ago @fastify/express vulnerable to Improper Handling of URL Encoding (Hex Encoding)