PatchSiren

nest.js CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH nest.js CVE published 2026-02-27

CVE-2026-2293

CVE-2026-2293 is a high-severity vulnerability affecting NestJS applications that use @nestjs/platform-fastify. The issue allows for the bypass of authentication and authorization middleware when Fastify path-normalization options are enabled. This vulnerability impacts NestJS version 11.1.13. The CVSS score for this vulnerability is 8.2, indicating a high severity level. The vulnerability was published o [truncated]