PT-2026-33000 · Npm · Fastify
Climba03003
+4
·
Published
2026-04-15
·
Updated
2026-04-15
·
CVE-2026-33806
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
fastify versions 5.3.2 through 5.8.4
Description
Applications using
schema.body.content for per-content-type body validation are subject to a validation bypass. By prepending a space to the Content-Type header, the body is still parsed correctly, but the schema validation is skipped entirely.Recommendations
Upgrade to version 5.8.5 or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Fastify