Auth bypass in Nestjs Nest
CVE-2026-54281
Nest is a framework for building scalable Node.js server-side applications. Prior to 11.1.24, an authentication bypass vulnerability exists in @nestjs/platform-fastify. When middleware is registered through NestJS's MiddlewareConsumer.forR…
Vulnerability class: Broken Access Control
Affected products
- Nestjs Nest — versions < 11.1.24
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)