CVE-2026-3635

EPSS 0.01%
Veröffentlicht 23.03.2026 13:53:00
Zuletzt bearbeitet 16.04.2026 17:46:58
Quelle ce714d77-add3-4f53-aff5-83d477
CVE-Watchlists
Login
Unerledigt
Login

Summary
When trustProxy is configured with a restrictive trust function (e.g., a specific IP like trustProxy: '10.0.0.1', a subnet, a hop count, or a custom function), the request.protocol and request.host getters read X-Forwarded-Proto and X-Forwarded-Host headers from any connection — including connections from untrusted IPs. This allows an attacker connecting directly to Fastify (bypassing the proxy) to spoof both the protocol and host seen by the application.

Affected Versions
fastify <= 5.8.2

Impact
Applications using request.protocol or request.host for security decisions (HTTPS enforcement, secure cookie flags, CSRF origin checks, URL construction, host-based routing) are affected when trustProxy is configured with a restrictive trust function.

When trustProxy: true (trust everything), both host and protocol trust all forwarded headers — this is expected behavior. The vulnerability only manifests with restrictive trust configurations.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Fastify ≫ Fastify SwPlatformnode.js Version < 5.8.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.007

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
ce714d77-add3-4f53-aff5-83d477b104bb	6.1	1.6	4	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

CWE-348 Use of Less Trusted Source

The product has two different sources of the same data or information, but it uses the source that has less support for verification, is less trusted, or is less resistant to attack.

https://cna.openjsf.org/security-advisories.html

Third Party Advisory

https://github.com/fastify/fastify/security/advisories/GHSA-444r-cwp2-x5xf

Vendor Advisory

https://www.cve.org/CVERecord?id=CVE-2026-3635

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-3635

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-3635

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-3635

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-3635