CNNVD-202601-3042 Information

CNNVD ID

CNNVD-202601-3042

Related CVE

CVE-2026-22037

• CNNVD Published: 2026-01-19

Description (Chinese)

@fastify/express是Fastify开源的一个兼容性插件。 @fastify/express 4.0.3之前版本存在安全漏洞，该漏洞源于路径前缀匹配不当，可能导致中间件绕过。

Description (English)

@fastify/express is an compatibility plugin for Fastify Open Source. @fastify/express before version 4.0.3 has a security loophole, which stems from an inappropriate prefix matching of the path, which may lead to the intermediate bypass.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

fastify

Published

2026-01-19

Last Modified

2026-02-24

References

https://github.com/fastify/fastify-express/security/advisories/GHSA-g6q3-96cp-5r5m https://github.com/fastify/fastify-express/commit/dc02a3fe1387f945143f22597baa42557d549a40 https://access.redhat.com/security/cve/cve-2026-22037

Patch

https://github.com/fastify/fastify-express/releases