{"vulnerability": "cve-2026-6556", "sightings": [{"uuid": "1ae54cb7-3a3e-4b8d-98f8-f4ad088b9798", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-6556", "type": "seen", "source": "https://bsky.app/profile/ulisesgascon.com/post/3mpj2dxzyik2z", "content": "\ud83d\udea8 Critical-severity security fix in @fastify/express 4.0.7 just released!\n\nPatches CVE-2026-6556. @fastify/express vulnerable to middleware bypass via non-string mount paths in prefixed plugins.\n\ngithub.com/fastify/fast...", "creation_timestamp": "2026-06-30T12:54:39.102809Z"}, {"uuid": "0cc9b47e-e173-4fcf-9101-d02616e04944", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-6556", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpj63qsdtd2f", "content": "CVE-2026-6556 - @fastify/express vulnerable to middleware bypass via non-string mount paths in prefixed plugins\nCVE ID : CVE-2026-6556\n \n Published : June 30, 2026, 12:48 p.m. | 57\u00a0minutes ago\n \n Description : @fastify/express versions 4.0.6 and earlier only rewrite the plugin...", "creation_timestamp": "2026-06-30T14:01:37.682197Z"}, {"uuid": "a653249a-1657-4512-a0ad-5bd88dfdeea5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-6556", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mpng6qcv642i", "content": "\ud83d\udccc CVE-2026-6556 - @fastify/express versions 4.0.6 and earlier only rewrite the plugin prefix for middleware mount paths when the path argument is a string. Non-string m... https://www.cyberhub.blog/cves/CVE-2026-6556", "creation_timestamp": "2026-07-02T06:37:07.091058Z"}]}