CVE-2026-2293
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk47th percentile - higher than 47% of all known CVEs
Summary
A NestJS application using @nestjs/platform-fastify may allow bypass of authentication/authorization middleware when Fastify path-normalization options are enabled. This vulnerability affects NestJS version 11.1.13.
Risk Assessment
The risk involves potential unauthorized access to protected application resources, which could lead to data confidentiality breaches or privilege escalation.
Recommendation
It is recommended to immediately upgrade NestJS to a version newer than 11.1.13 and disable Fastify path-normalization options if not required.
Original NVD description (English source)
A NestJS application using @nestjs/platform-fastify can allow bypass of authentication/authorization middleware when Fastify path-normalization options are enabled. This issue affects nest.Js: 11.1.13.

