CVE-2026-6321: Path Traversal in fast-uri via Improper Normalization Order

DEV Community·CVE Reports·24 days ago

Vulnerability ID: CVE-2026-6321
CVSS Score: 7.5
Published: 2026-05-08

The fast-uri library (versions ≤ 3.1.0) contains a high-severity path traversal vulnerability due to an order-of-operations flaw during URI normalization. The library incorrectly decodes percent-encoded path separators (%2F) and dot segments (%2E) prior to applying dot-segment removal algorithms, allowing attackers to bypass path-based access controls and filters.

TL;DR

fast-uri ≤ 3.1.0 decodes percent-encoded URI characters before running path normalization algorithms. This allows attackers to use payloads like %2e%2e to bypass security filters and perform path traversal attacks. Upgrade to version 3.1.1 to implement context-aware decoding.…
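
The ordering problem described above, shown as an added example that is not fast-uri's code or its 3.1.1 patch: a decode-first normalizer next to one that removes dot segments before decoding, each compared against a prefix filter. All function names, the `/public/` filter and the sample paths are assumptions constructed for illustration.

```javascript
// Added illustration: not fast-uri's source and not its 3.1.1 patch.
// All function names and sample paths are constructed for this example.

// Simplified RFC 3986 dot-segment removal for absolute paths.
function removeDotSegments(path) {
  const out = [];
  for (const seg of path.split('/')) {
    if (seg === '.') continue;
    if (seg === '..') { if (out.length > 1) out.pop(); continue; }
    out.push(seg);
  }
  return out.join('/') || '/';
}

// Order the advisory describes: decode everything, then remove dot segments.
// Encoded "%2e%2e" and "%2f" become live ".." and "/" before removal runs.
function normalizeDecodeFirst(path) {
  return removeDotSegments(decodeURIComponent(path));
}

// Assumed conservative order: remove dot segments on the raw path, then decode
// only ALPHA / DIGIT / "-" / "_" / "~", leaving %2E and %2F encoded as data.
function normalizeSegmentsFirst(path) {
  return removeDotSegments(path).replace(/%([0-9a-fA-F]{2})/g, (m, hex) => {
    const ch = String.fromCharCode(parseInt(hex, 16));
    return /[A-Za-z0-9\-_~]/.test(ch) ? ch : m;
  });
}

// Hypothetical access filter of the kind the advisory says gets bypassed:
// it checks the string it is given for a prefix and literal ".." segments.
function filterAllows(path) {
  return path.startsWith('/public/') && !path.split('/').includes('..');
}

// Compare the filter's view of the raw path with its view of what each
// normalizer would hand to the consumer.
function audit(raw) {
  const flawed = normalizeDecodeFirst(raw);
  const safer = normalizeSegmentsFirst(raw);
  return { raw, rawAllowed: filterAllows(raw), flawed, flawedAllowed: filterAllows(flawed),
           safer, saferAllowed: filterAllows(safer) };
}

for (const p of ['/public/%2e%2e/admin/config', '/public/..%2fadmin', '/public/%41bc/./x']) {
  console.log(audit(p));
}
```

A `rawAllowed` of true with `flawedAllowed` of false marks a path the filter approved before normalization turned it into a different location. Running the access check on the normalized output, rather than on the raw string, removes that mismatch.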
