PT-2026-25990 · Unknown+2 · @Nestjs/Platform-Fastify+2

Kamilmysliwiec · Published 2026-03-17 · Updated 2026-03-24 · CVE-2026-33011

CVSS v4.0: 8.7 High

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Nest versions 11.1.15 and below

Description

Nest is a framework for building scalable Node.js server-side applications. In versions 11.1.15 and earlier, middleware applied to GET routes can be bypassed in applications that use @nestjs/platform-fastify. Fastify automatically redirects HEAD requests to the corresponding GET handlers, if they exist. As a result, a HEAD request skips the middleware completely, the HTTP response does not include a body, and the actual handler still executes.

Recommendations

Update to Nest version 11.1.16 or later.
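
The mismatch in the description can be reproduced in a small dispatcher. This is an added example, not Nest or Fastify code: `makeApp`, `use`, `get`, `dispatch` and `run` are hypothetical names, the request and route are constructed, and the HEAD-aware comparison is one way to close the gap in this model, not a description of the 11.1.16 patch.

```javascript
// Simplified model of the mismatch described above; not Nest or Fastify code.
// makeApp, use, get, dispatch and run are hypothetical names.
function makeApp(headAwareMiddleware) {
  const middleware = []; // entries: { method, path, fn }
  const routes = new Map(); // "METHOD path" -> handler
  const stats = { handlerRuns: 0 };

  // Router side: a HEAD request is served by the GET handler for the same
  // path when one exists (the behaviour the advisory attributes to Fastify).
  const findHandler = (method, path) =>
    routes.get(`${method} ${path}`) ||
    (method === 'HEAD' ? routes.get(`GET ${path}`) : undefined);

  // Middleware side: a literal method comparison never matches HEAD against a
  // GET-scoped entry. The hardened form applies the router's HEAD -> GET mapping.
  const applies = (m, method, path) => {
    const effective = headAwareMiddleware && method === 'HEAD' ? 'GET' : method;
    return m.path === path && m.method === effective;
  };

  return {
    stats,
    use(method, path, fn) { middleware.push({ method, path, fn }); },
    get(path, handler) { routes.set(`GET ${path}`, handler); },
    dispatch(req) {
      const handler = findHandler(req.method, req.path);
      if (!handler) return { status: 404 };
      for (const m of middleware) {
        const rejected = applies(m, req.method, req.path) ? m.fn(req) : null;
        if (rejected) return rejected;
      }
      stats.handlerRuns += 1;
      const res = handler(req);
      return req.method === 'HEAD' ? { status: res.status } : res; // HEAD: no body
    },
  };
}

// Constructed scenario: a GET-scoped auth check in front of one handler.
function run(headAwareMiddleware) {
  const app = makeApp(headAwareMiddleware);
  app.use('GET', '/admin/task', (req) => (req.headers.authorization ? null : { status: 401 }));
  app.get('/admin/task', () => ({ status: 200, body: 'done' }));
  const send = (method) => app.dispatch({ method, path: '/admin/task', headers: {} });
  return { get: send('GET').status, head: send('HEAD'), handlerRuns: app.stats.handlerRuns };
}

console.log('literal match:', run(false));
console.log('HEAD-aware match:', run(true));
```

The same pair of unauthenticated GET and HEAD requests makes a useful regression test for any route whose protection is scoped to GET: both should be rejected, and the handler's side effects should not occur for either.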


Related Identifiers

CVE-2026-33011
GHSA-WF42-42FG-FG84

Affected Products

@Nestjs/Platform-Fastify
Fastify
Nest