CVE-2026-6321

ADVISORY - github

Summary

Impact

fast-uri v3.1.0 and earlier decodes percent-encoded path separators (%2F) and dot segments (%2E) before applying dot-segment removal in normalize() and equal(). This makes encoded path data behave like real / and .., so distinct URIs collapse onto the same normalized path.

For example, http://example.com/public/%2e%2e/admin normalizes to http://example.com/admin, and equal() considers them the same URI.

Applications that normalize or compare attacker-controlled URLs to enforce path-based policy can be bypassed. A path that looks confined under an allowed prefix can normalize to a different location.

Patches

Upgrade to fast-uri >= 3.1.1.

Workarounds

None. Upgrade to the patched version.

EPSS Score⁠: 0.00048 (0.152)

Common Weakness Enumeration (CWE)

ADVISORY - nist

NIST

CREATED

24 days ago

UPDATED

16 days ago

ADVISORY IDCVE-2026-6321⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-22⁠

CVSS SCORE

7.5high

GitHub

CREATED

20 days ago

UPDATED

20 days ago

ADVISORY IDGHSA-q3j6-qgpj-74h6⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-22⁠

CVSS SCORE

7.5high

Debian

CREATED

23 days ago

UPDATED

7 days ago

ADVISORY IDCVE-2026-6321⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Ubuntu

CREATED

22 days ago

UPDATED

15 days ago

ADVISORY IDCVE-2026-6321⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Chainguard

CREATED

2 days ago

UPDATED

2 days ago

ADVISORY ID

CGA-9j5f-2hwm-8hfc

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

12 days ago

UPDATED

12 days ago

ADVISORY ID

MINI-24vq-hhvw-x7gp

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

18 days ago

UPDATED

18 days ago

ADVISORY ID

MINI-2559-95hr-c3wg

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

17 days ago

UPDATED

17 days ago

ADVISORY ID

MINI-29xw-9782-pc26

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

18 days ago

UPDATED

18 days ago

ADVISORY ID

MINI-343j-2w6h-763v

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

11 days ago

UPDATED

11 days ago

ADVISORY ID

MINI-397f-9x7m-rx3r

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

10 days ago

UPDATED

10 days ago

ADVISORY ID

MINI-46ph-8f96-22wx

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

11 days ago

UPDATED

11 days ago

ADVISORY ID

MINI-5w75-56x2-grj2

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

11 days ago

UPDATED

11 days ago

ADVISORY ID

MINI-6mrj-xvjx-pj5c

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

18 days ago

UPDATED

18 days ago

ADVISORY ID

MINI-7v74-6m7h-3h89

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

18 days ago

UPDATED

18 days ago

ADVISORY ID

MINI-c2q8-pcrx-vcxh

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

14 days ago

UPDATED

14 days ago

ADVISORY ID

MINI-crq7-rw96-pf6c

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

14 days ago

UPDATED

14 days ago

ADVISORY ID

MINI-cvmh-mhf7-29c6

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

14 days ago

UPDATED

14 days ago

ADVISORY ID

MINI-fp7c-9852-9mqf

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

14 days ago

UPDATED

14 days ago

ADVISORY ID

MINI-hmgx-7xcg-vq88

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

18 days ago

UPDATED

18 days ago

ADVISORY ID

MINI-hwxv-wrh3-pc5h

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

12 days ago

UPDATED

12 days ago

ADVISORY ID

MINI-r8w2-vj3j-pjch

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

12 days ago

UPDATED

12 days ago

ADVISORY ID

MINI-rcc4-gfpp-phxc

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

14 days ago

UPDATED

14 days ago

ADVISORY ID

MINI-wgv2-jxpc-x9pc

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

11 days ago

UPDATED

11 days ago

ADVISORY ID

MINI-x7pr-qx6c-jm2p

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

CVE-2026-6321

Summary

Impact

Patches

Workarounds

Common Weakness Enumeration (CWE)

CWE-22⁠

CWE-22⁠

Advisories

NIST

CVSS SCORE

GitHub

CVSS SCORE

Debian

CVSS SCORE

Ubuntu

CVSS SCORE

Chainguard

minimos

minimos

minimos

minimos

minimos

minimos

minimos

minimos

minimos

minimos

minimos

minimos

minimos

minimos

minimos

minimos

minimos

minimos

minimos