<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the 10 most recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Sun, 10 May 2026 22:06:01 +0000</lastBuildDate>
    <item>
      <title>9783347f-2864-4f17-8af5-62b4d9569f33</title>
      <link>https://vulnerability.circl.lu/sighting/9783347f-2864-4f17-8af5-62b4d9569f33/export</link>
      <description>{"uuid": "9783347f-2864-4f17-8af5-62b4d9569f33", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-6322", "type": "seen", "source": "https://bsky.app/profile/ulisesgascon.com/post/3ml3yek4kos2b", "content": "\ud83d\udea8 High-severity security fix in fast-uri@3.1.2 just released!\n\nPatches CVE-2026-6322 \u2014 fast-uri vulnerable to host confusion via percent-encoded authority delimiters\n\ngithub.com/fastify/fast...", "creation_timestamp": "2026-05-05T10:33:49.252528Z"}</description>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/9783347f-2864-4f17-8af5-62b4d9569f33/export</guid>
      <pubDate>Tue, 05 May 2026 10:33:49 +0000</pubDate>
    </item>
    <item>
      <title>4fadfeec-f771-4ce5-b118-60dea1cc0e32</title>
      <link>https://vulnerability.circl.lu/sighting/4fadfeec-f771-4ce5-b118-60dea1cc0e32/export</link>
      <description>{"uuid": "4fadfeec-f771-4ce5-b118-60dea1cc0e32", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-6322", "type": "seen", "source": "https://bsky.app/profile/postac001.bsky.social/post/3ml4cdh4uwn2w", "content": "fast-uri\u306enormalize()\u3067\u3001\u30a8\u30f3\u30b3\u30fc\u30c9\u3055\u308c\u305f\u533a\u5207\u308a\u6587\u5b57\u304c\u30c7\u30b3\u30fc\u30c9\u3055\u308c\u3001\u30db\u30b9\u30c8\u30b3\u30f3\u30dd\u30fc\u30cd\u30f3\u30c8\u306e\u6a29\u9650\u304c\u5909\u66f4\u3055\u308c\u308b\u8106\u5f31\u6027\u3002\u30d0\u30fc\u30b8\u30e7\u30f33.1.1\u4ee5\u524d\u3067\u767a\u751f\u3057\u3001\u4fe1\u983c\u3067\u304d\u306a\u3044URL\u306e\u6b63\u898f\u5316\u3092\u884c\u3046\u2026\nCVE-2026-6322 CVSS 7.5 | HIGH", "creation_timestamp": "2026-05-05T13:32:07.936216Z"}</description>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/4fadfeec-f771-4ce5-b118-60dea1cc0e32/export</guid>
      <pubDate>Tue, 05 May 2026 13:32:07 +0000</pubDate>
    </item>
    <item>
      <title>281a6cc3-6e09-4bcd-8597-33d4740b5a06</title>
      <link>https://vulnerability.circl.lu/sighting/281a6cc3-6e09-4bcd-8597-33d4740b5a06/export</link>
      <description>{"uuid": "281a6cc3-6e09-4bcd-8597-33d4740b5a06", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-6322", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3ml4uwxoskc2z", "content": "\ud83d\udfe0 CVE-2026-6322 - High (7.5)\n\nfast-uri normalize() decoded percent-encoded authority delimiters inside the host component and t...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-6322/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-05T19:05:10.740063Z"}</description>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/281a6cc3-6e09-4bcd-8597-33d4740b5a06/export</guid>
      <pubDate>Tue, 05 May 2026 19:05:10 +0000</pubDate>
    </item>
    <item>
      <title>ca0c5a5e-71dd-437c-92ba-da363c5da7eb</title>
      <link>https://vulnerability.circl.lu/sighting/ca0c5a5e-71dd-437c-92ba-da363c5da7eb/export</link>
      <description>{"uuid": "ca0c5a5e-71dd-437c-92ba-da363c5da7eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-6322", "type": "seen", "source": "https://gist.github.com/alon710/5589e0b554769b0725c771aeba30c7e4", "content": "# CVE-2026-6322: CVE-2026-6322: Host Confusion via Interpretation Conflict in fast-uri\n\n&gt; **CVSS Score:** 7.5\n&gt; **Published:** 2026-05-08\n&gt; **Full Report:** https://cvereports.com/reports/CVE-2026-6322\n\n## Summary\nThe fast-uri library exhibits an interpretation conflict vulnerability due to improper handling of percent-encoded authority delimiters during normalization. This flaw enables attackers to bypass domain validation and perform host confusion attacks against downstream components.\n\n## TL;DR\nfast-uri &lt;= 3.1.1 improperly decodes percent-encoded delimiters (like %40) in the host component without re-encoding them, causing downstream parsers to misinterpret the URI structure. Upgrading to 3.1.2 resolves the issue.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-436\n- **Attack Vector**: Network\n- **CVSS v3.1**: 7.5 (High)\n- **EPSS Score**: 0.00029\n- **Impact**: Integrity Subversion / SSRF Bypass\n- **Exploit Status**: Proof of Concept\n- **CISA KEV**: Not Listed\n\n## Affected Systems\n\n- fast-uri\n- **fast-uri**: &lt;= 3.1.1 (Fixed in: `3.1.2`)\n\n## Mitigation\n\n- Upgrade fast-uri to version 3.1.2 or later.\n- Implement robust pre-validation checks rejecting URIs with percent-encoded reserved characters in the host.\n- Unify URI parsing logic to use the exact same library for both security validation and request execution.\n\n**Remediation Steps:**\n1. Identify all projects depending on fast-uri via package-lock.json or yarn.lock.\n2. Execute the package manager update command targeting fast-uri@3.1.2.\n3. Run regression tests on URI parsing and normalization workflows.\n4. Deploy the updated application build to production environments.\n\n## References\n\n- [GitHub Security Advisory (GHSA-v39h-62p7-jpjc)](https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc)\n- [Fix Commit: Re-escape gen-delims in host](https://github.com/fastify/fast-uri/commit/6c86c17c3d76fb93aa3700ec6c0fa00faeb97293)\n- [Fix Commit: Version 3.1.2 Bump](https://github.com/fastify/fast-uri/commit/919dd8ea7689fcc220d0d9b71307f5095e723ef9)\n- [OpenJS Foundation Security Advisories](https://cna.openjsf.org/security-advisories.html)\n- [CVE.org Record](https://www.cve.org/CVERecord?id=CVE-2026-6322)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-6322) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-05-08T19:40:29.000000Z"}</description>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/ca0c5a5e-71dd-437c-92ba-da363c5da7eb/export</guid>
      <pubDate>Fri, 08 May 2026 19:40:29 +0000</pubDate>
    </item>
  </channel>
</rss>
