THREATOPS
THREAT OPSThreat News › [NVD] CVE-2026-6321 (HIGH 7.5) — fast-uri decoded percent-encoded path separators and dot segments before applying dot-segment removal in its normalize() and equal() functions. Encoded path data was treated like real slashes and parent-directory references, so distinct URIs could collapse onto the same normalize

[NVD] CVE-2026-6321 (HIGH 7.5) — fast-uri decoded percent-encoded path separators and dot segments before applying dot-segment removal in its normalize() and equal() functions. Encoded path data was treated like real slashes and parent-directory references, so distinct URIs could collapse onto the same normalize

lownvdPublished 2026-05-04

CVE-2026-6321 CVSS: 7.5 HIGH Published: 2026-05-04T20:16:20.950

fast-uri decoded percent-encoded path separators and dot segments before applying dot-segment removal in its normalize() and equal() functions. Encoded path data was treated like real slashes and parent-directory references, so distinct URIs could collapse onto the same normalized path. Applications that normalize or compare attacker

Indicators of compromise

Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-6321