CVE-2026-2293
EUVD-2026-903427.02.2026, 17:16
A NestJS application using @nestjs/platform-fastify can allow bypass of authentication/authorization middleware when Fastify path-normalization options are enabled. This issue affects nest.Js: 11.1.13.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| nestjs | nest | 11.1.13 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-863 - Incorrect AuthorizationThe software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
- CWE-551 - Incorrect Behavior Order: Authorization Before Parsing and CanonicalizationIf a web server does not fully parse requested URLs before it examines them for authorization, it may be possible for an attacker to bypass authorization protection.
References