Vulnerability in Feathersjs Feathers
CVE-2026-27192
Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. In versions 5.0.39 and below, origin validation uses startsWith() for comparison, allowing attackers to bypass the check by registeri…
EPSS: 0.000 (0.8th percentile)
Affected products
- Feathersjs Feathers — versions < 5.0.40
Weakness classification (CWE)
References
- https://github.com/feathersjs/feathers/security/advisories/GHSA-mp4x-c34x-wv3x (x_refsource_CONFIRM)
- https://github.com/feathersjs/feathers/commit/ee19a0ae9bc2ebf23b1fe598a1f7361981b65401 (x_refsource_MISC)
- https://github.com/feathersjs/feathers/releases/tag/v5.0.40 (x_refsource_MISC)