CVE-2026-44574

ADVISORY - github

Summary

Impact

Applications that rely on middleware to protect dynamic routes can be vulnerable to authorization bypass. In affected deployments, specially crafted query parameters can alter the dynamic route value seen by the page while leaving the visible path unchanged, which can allow protected content to be rendered without passing the expected middleware check.

Fix

We now only honor internal route-parameter normalization in trusted routing flows and ignore externally supplied parameter encodings that should never have been accepted from ordinary requests.

Workarounds

If you cannot upgrade immediately, enforce authorization in route or page logic instead of relying solely on middleware path matching.

Common Weakness Enumeration (CWE)

ADVISORY - nist

NIST

CREATED

5 hours ago

UPDATED

4 hours ago

ADVISORY IDCVE-2026-44574⁠

EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-288⁠

CVSS SCORE

8.1high

GitHub

CREATED

2 days ago

UPDATED

2 days ago

ADVISORY IDGHSA-492v-c6pp-mqqv⁠

EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-288⁠

CVSS SCORE

8.1high

Chainguard

CREATED

21 hours ago

UPDATED

21 hours ago

ADVISORY ID

CGA-9j9f-g8g8-c4w5

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

CVE-2026-44574

Summary

Impact

Fix

Workarounds

Common Weakness Enumeration (CWE)

CWE-288⁠

CWE-288⁠

Advisories

NIST

CVSS SCORE

GitHub

CVSS SCORE

Chainguard