vulnerability in vite-plugin-node project

While working on vite-plugin-node project, I identified [CVE-2026-2880](https://vulert.com/vuln-db/CVE-2026-2880) affecting the @fastify/middie package. The vulnerability is caused by improper path normalization when Fastify router normalization options are enabled. In certain configurations, a crafted request path can bypass path-scoped middleware checks while still reaching protected route handlers.

[CVE Link](https://vulert.com/vuln-db/CVE-2026-2880)
[CVE Report](https://vulert.com/vuln-scan/list/03c3847a-f015-42a1-bd63-64d6aa9ff381?sort_order=desc&sort_by=created_at)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

vulnerability in vite-plugin-node project #136

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

vulnerability in vite-plugin-node project #136

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions