CVE-2026-54281
Nest: Middleware Bypass on Fastify via Trailing Slash
Description
### Impact

An authentication bypass vulnerability exists in `@nestjs/platform-fastify` (confirmed on version `11.1.24`, the latest available release at the time of the report). When middleware is registered through NestJS's `MiddlewareConsumer.forRoutes()` API on the Fastify adapter, an unauthenticated client can bypass the Nest middleware registered for that route by simply appending a trailing slash (`/`) to the request URL.

This bypass works on the **default Fastify adapter configuration**; no special router options need to be enabled. Applications using the standard CRUD route shape (`GET /resource` and `GET /resource/:id`) are affected when they protect those routes with `MiddlewareConsumer.forRoutes()` middleware.

### Patches

Fixed in `@nestjs/[email protected]`

### References

Kudos go to @a-tt-om
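The failure mode above, as an added example that is not part of the advisory and not NestJS or Fastify code: a minimal path-pattern matcher that decides whether middleware registered for `/resource` and `/resource/:id` applies to an incoming URL, a normalizing variant that closes the trailing-slash gap, and a probe that lists the trailing-slash spellings a given matcher lets through. The matcher is an assumption chosen to reproduce the behaviour the advisory describes; it does not reproduce how Nest's Fastify adapter matches routes internally. The function names (`naiveMatch`, `hardenedMatch`, `normalizePath`, `probe`) and the sample id `42` are invented for this example.

```javascript
// Added example (not code from the advisory, NestJS or Fastify).
// Models a middleware path matcher that compares URL segments literally
// and so treats "/resource/" as a different path from "/resource".

// Naive matcher (assumed model of the vulnerable behaviour): the pattern and
// the request path must split into the same number of "/"-separated pieces;
// a ":param" piece matches any non-empty piece. A trailing slash adds an
// empty piece, so "/resource/" never equals "/resource" and never satisfies
// "/resource/:id" either (":id" must be non-empty).
function naiveMatch(pattern, path) {
  const want = pattern.split('/');
  const got = path.split(/[?#]/)[0].split('/'); // drop query string / fragment
  if (want.length !== got.length) return false;
  return want.every((seg, i) =>
    seg.startsWith(':') ? got[i].length > 0 : seg === got[i]
  );
}

// Canonicalise a request path before matching: collapse runs of "/" and
// strip trailing slashes (but keep "/" itself).
function normalizePath(path) {
  let p = path.split(/[?#]/)[0].replace(/\/{2,}/g, '/');
  if (p.length > 1) p = p.replace(/\/+$/, '');
  return p || '/';
}

// Hardened matcher: same segment comparison, but on the canonical path,
// so "/resource/", "/resource//" and "/resource" all hit the same rule.
function hardenedMatch(pattern, path) {
  return naiveMatch(pattern, normalizePath(path));
}

// True when any registered pattern claims the path under the given matcher.
function isProtected(matchFn, patterns, path) {
  return patterns.some((pattern) => matchFn(pattern, path));
}

// For each registered pattern, build a concrete URL (":id" -> "42") that the
// matcher does protect, then try trailing-slash spellings of it and collect
// the ones the matcher fails to protect. Returns the list of bypass URLs.
function probe(matchFn, patterns) {
  const bypasses = [];
  for (const pattern of patterns) {
    const canonical = pattern.replace(/:[^/]+/g, '42');
    if (!isProtected(matchFn, patterns, canonical)) continue; // nothing to bypass
    for (const variant of [canonical + '/', canonical + '//']) {
      if (!isProtected(matchFn, patterns, variant)) bypasses.push(variant);
    }
  }
  return bypasses;
}

// The CRUD route shape from the advisory.
const PROTECTED = ['/resource', '/resource/:id'];

console.log('naive matcher lets through:', probe(naiveMatch, PROTECTED));
console.log('hardened matcher lets through:', probe(hardenedMatch, PROTECTED));
```

The upgrade is the fix; the normalising matcher only illustrates why the trailing slash matters. As defence in depth, enforce authentication in a Nest guard (for example a global `APP_GUARD`) rather than in path-matched middleware: guards are bound to the route handler and run whichever URL spelling reached it. To check a deployed application, request each `forRoutes()`-protected path without credentials once as written and once with `/` appended; any route whose slash variant returns something other than the expected 401/403 is exposed.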
How to patch CVE-2026-54281
To patch CVE-2026-54281, upgrade the affected package to the patched version listed below.
- `@nestjs/platform-fastify`: upgrade to 11.1.24 or later (note that the description above confirms the bypass on 11.1.24 itself, so check the upstream advisory for the actual patched release before relying on this version bound).
Is CVE-2026-54281 being exploited?
No exploitation signals at present. CVE-2026-54281 is not listed in the CISA KEV catalog and has no recent EPSS score.
Affected packages (1)
- `@nestjs/platform-fastify`: from 0, < 11.1.24
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N |

Note that the vector records PR:L (low privileges required) while the description states the bypass is reachable by an unauthenticated client; treat the description as authoritative when prioritising.