{"vulnerability": "CVE-2026-6321", "sightings": [{"uuid": "f2e611e6-1dae-4802-b314-10a2673fee55", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-6321", "type": "seen", "source": "https://bsky.app/profile/ulisesgascon.com/post/3ml2gaeaaas2n", "content": "\ud83d\udea8 High-severity security fix in fast-uri@3.1.1 just released!\n\nPatches CVE-2026-6321 \u2014 fast-uri vulnerable to path traversal via percent-encoded dot segments\n\ngithub.com/fastify/fast...", "creation_timestamp": "2026-05-04T19:36:47.625608Z"}, {"uuid": "6afc1a36-3e92-4dff-b8dc-3822061340b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-6321", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ml2q6iggjf2e", "content": "CVE-2026-6321 - fast-uri vulnerable to path traversal via percent-encoded dot segments\nCVE ID : CVE-2026-6321\n \n Published : May 4, 2026, 8:16 p.m. | 2\u00a0hours, 4\u00a0minutes ago\n \n Description : fast-uri decoded percent-encoded path separators and dot segments before applying dot-s...", "creation_timestamp": "2026-05-04T22:34:34.623378Z"}, {"uuid": "6b1672a9-373a-48fa-9658-60b3cbd10585", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-6321", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3ml2il54ya22q", "content": "\ud83d\udfe0 CVE-2026-6321 - High (7.5)\n\nfast-uri decoded percent-encoded path separators and dot segments before applying dot-segment rem...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-6321/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-04T20:18:29.263055Z"}, {"uuid": "a02ec623-e0bc-4bf4-ad74-1d60cde92f89", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-6321", "type": "seen", "source": "https://gist.github.com/alon710/0dcaec5097e434920cb749f30d284372", "content": "# CVE-2026-6321: CVE-2026-6321: Path Traversal in fast-uri via Improper Normalization Order\n\n> **CVSS Score:** 7.5\n> **Published:** 2026-05-08\n> **Full Report:** https://cvereports.com/reports/CVE-2026-6321\n\n## Summary\nThe fast-uri library (versions \u2264 3.1.0) contains a high-severity path traversal vulnerability due to an order-of-operations flaw during URI normalization. The library incorrectly decodes percent-encoded path separators (%2F) and dot segments (%2E) prior to applying dot-segment removal algorithms, allowing attackers to bypass path-based access controls and filters.\n\n## TL;DR\nfast-uri \u2264 3.1.0 decodes percent-encoded URI characters before running path normalization algorithms. This allows attackers to use payloads like %2e%2e to bypass security filters and perform path traversal attacks. Upgrade to version 3.1.1 to implement context-aware decoding.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-22\n- **Attack Vector**: Network\n- **CVSS Score**: 7.5 (High)\n- **EPSS Score**: 0.00030\n- **Exploit Status**: Proof of Concept Available\n- **CISA KEV**: Not Listed\n\n## Affected Systems\n\n- fast-uri <= 3.1.0\n- Node.js applications utilizing fast-uri for request validation\n- API Gateways and proxies dependent on fast-uri for routing\n- **fast-uri**: <= 3.1.0 (Fixed in: `3.1.1`)\n\n## Mitigation\n\n- Upgrade fast-uri to version 3.1.1 or higher.\n- Deploy WAF rules to block URIs containing percent-encoded dot (%2e) or slash (%2f) sequences.\n- Ensure path-based authorization checks occur on the fully normalized URI, not the raw input.\n\n**Remediation Steps:**\n1. Audit application dependencies using npm audit or yarn audit to identify instances of fast-uri <= 3.1.0.\n2. Update the package.json file to require fast-uri version 3.1.1.\n3. Run the package manager update command to fetch the patched library and regenerate the lockfile.\n4. Deploy the updated application and monitor logs for previously blocked traversal attempts.\n\n## References\n\n- [Official fast-uri GitHub Advisory](https://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6)\n- [OpenJS Foundation Advisories](https://cna.openjsf.org/security-advisories.html)\n- [CVE Record for CVE-2026-6321](https://www.cve.org/CVERecord?id=CVE-2026-6321)\n- [Patch Commit](https://github.com/fastify/fast-uri/commit/876ce79b662c3e5015e4e7dffe6f37752ad34f35)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-6321) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-05-08T17:40:29.000000Z"}]}