fastify security advisories
2 threat alerts tracking vulnerabilities and security advisories that affect fastify products.
Vulnios monitors fastify CVE feeds, vendor advisories, CISA KEV listings, and exploit-prediction data continuously. Each alert below is enriched with severity, exploitation status, affected products, and a remediation path. Use this page to scan recent fastify security news in one place, or click into an individual alert for full detail.
Critical Vulnerability: CVE-2026-33808 — fastify — fastify\/express
Impact@fastify/express v4.0.4 and earlier fails to normalize URLs before passing them to Express middleware when Fastify router normalization options are enabled. This allows complete bypass of path-s
criticalCVE-2026-33808Critical Vulnerability: CVE-2026-2880 — fastify — fastify\/middie
A vulnerability in @fastify/middie versions < 9.2.0 can result in authentication/authorization bypass when using path-scoped middleware (for example, app.use('/secret', auth)). When Fastify router no
criticalCVE-2026-2880
Track fastify exposure across your environment
Vulnios automatically cross-references your asset inventory against new fastify CVEs and surfaces only what affects you. No more sifting manually — actionable findings only.
Start a free scan