What is CVE-2026-22031?

CVE-2026-22031 is a high-severity vulnerability in Fastify Fastify\/middie, classified under CWE-177. CVSS score: 8.4/10. Published 2026-01-19.

How severe is CVE-2026-22031?

High severity. CVSS v3 base score is 8.4 out of 10.

Vulnerability in Fastify Fastify\/middie

CVE-2026-22031

@fastify/middie is the plugin that adds middleware support on steroids to Fastify. A security vulnerability exists in @fastify/middie prior to version 9.1.0 where middleware registered with a specific path prefix can be bypassed using URL-…

EPSS: 0.001 (34.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.4 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L.

Affected products

Fastify Fastify\/middie
Fastify Middie — versions < 9.1.0

Weakness classification (CWE)

CWE-177

References

security-advisories@github.com (x_refsource_CONFIRM, Exploit, Vendor Advisory)
security-advisories@github.com (Patch, x_refsource_MISC, Issue Tracking)
security-advisories@github.com (Patch, x_refsource_MISC)
security-advisories@github.com (Product, x_refsource_MISC, Release Notes)

Frequently asked questions

What is CVE-2026-22031?: CVE-2026-22031 is a high-severity vulnerability in Fastify Fastify\/middie, classified under CWE-177. CVSS score: 8.4/10. Published 2026-01-19.
How severe is CVE-2026-22031?: High severity. CVSS v3 base score is 8.4 out of 10.