{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-6322","assignerOrgId":"ce714d77-add3-4f53-aff5-83d477b104bb","state":"PUBLISHED","assignerShortName":"openjs","dateReserved":"2026-04-14T20:28:09.160Z","datePublished":"2026-05-05T10:29:16.378Z","dateUpdated":"2026-07-10T12:06:08.062Z"},"containers":{"cna":{"providerMetadata":{"orgId":"ce714d77-add3-4f53-aff5-83d477b104bb","shortName":"openjs","dateUpdated":"2026-05-05T10:29:16.378Z"},"descriptions":[{"lang":"en","value":"fast-uri normalize() decoded percent-encoded authority delimiters inside the host component and then re-emitted them as raw delimiters during serialization. A host that combined an allowed domain, an encoded at-sign, and a different domain was re-emitted with the at-sign as a raw userinfo separator, changing the URI's authority to the second domain. Applications that normalize untrusted URLs before host allowlist checks, redirect validation, or outbound request routing can be steered to a different authority than the input appeared to specify. Versions <= 3.1.1 are affected. Update to 3.1.2 or later.","supportingMedia":[{"type":"text/html","base64":false,"value":"fast-uri normalize() decoded percent-encoded authority delimiters inside the host component and then re-emitted them as raw delimiters during serialization. A host that combined an allowed domain, an encoded at-sign, and a different domain was re-emitted with the at-sign as a raw userinfo separator, changing the URI's authority to the second domain. Applications that normalize untrusted URLs before host allowlist checks, redirect validation, or outbound request routing can be steered to a different authority than the input appeared to specify. Versions <= 3.1.1 are affected. Update to 3.1.2 or later."}]}],"affected":[{"vendor":"fast-uri","product":"fast-uri","defaultStatus":"unaffected","versions":[{"versionType":"semver","status":"affected","version":"0","lessThan":"3.1.2"},{"versionType":"semver","status":"unaffected","version":"3.1.2"}],"packageURL":"pkg:npm/fast-uri"}],"references":[{"url":"https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc"},{"url":"https://cna.openjsf.org/security-advisories.html"}],"credits":[{"lang":"en","type":"reporter","value":"Jvr"},{"lang":"en","type":"remediation developer","value":"Matteo Collina"},{"lang":"en","type":"remediation developer","value":"Ulises Gascón"},{"lang":"en","type":"remediation reviewer","value":"KaKa"}],"title":"fast-uri vulnerable to host confusion via percent-encoded authority delimiters","metrics":[{"format":"CVSS","cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH"},"scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-436","lang":"en","description":"CWE-436: Interpretation Conflict","type":"CWE"}]}],"x_generator":{"engine":"cve-kit 1.0.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-05-05T12:55:25.956279Z","id":"CVE-2026-6322","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-05-05T12:55:43.750Z"}},{"affected":[{"cpes":["cpe:/a:redhat:ansible_automation_platform:2.6::el9","cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9"],"defaultStatus":"affected","product":"Red Hat Ansible Automation Platform 2.6 for RHEL 9","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:cluster_observability_operator:1.5::el9"],"defaultStatus":"affected","product":"Cluster Observability Operator 1.5.0","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:10.2"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux Extensions Channel (v. 10)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:acm:2.16::el9"],"defaultStatus":"affected","product":"Red Hat Advanced Cluster Management for Kubernetes 2.16","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:ansible_automation_platform:2.6::el9"],"defaultStatus":"affected","product":"Red Hat Ansible Automation Platform 2.6","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:rhdh:1.10::el9"],"defaultStatus":"affected","product":"Red Hat Developer Hub 1.10","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:rhdh:1.9::el9"],"defaultStatus":"affected","product":"Red Hat Developer Hub 1.9","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:discovery:2::el9"],"defaultStatus":"affected","product":"Red Hat Discovery 2","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:edge_manager:1.0::el9"],"defaultStatus":"affected","product":"Red Hat Edge Manager 1.0","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift:4.19::el9"],"defaultStatus":"affected","product":"Red Hat OpenShift Container Platform 4.19","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift:4.20::el9"],"defaultStatus":"affected","product":"Red Hat OpenShift Container Platform 4.20","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift:4.21::el9"],"defaultStatus":"affected","product":"Red Hat OpenShift Container Platform 4.21","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift:4.22::el9"],"defaultStatus":"affected","product":"Red Hat OpenShift Container Platform 4.22","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:quay:3.10::el8"],"defaultStatus":"affected","product":"Red Hat Quay 3.10","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:quay:3.12::el8"],"defaultStatus":"affected","product":"Red Hat Quay 3.12","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:quay:3.9::el8"],"defaultStatus":"affected","product":"Red Hat Quay 3.9","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:satellite:6.18::el9"],"defaultStatus":"affected","product":"Red Hat Satellite 6.18","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:multicluster_engine:2.11::el9"],"defaultStatus":"affected","product":"multicluster engine for Kubernetes 2.11","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:confidential_compute_attestation:1"],"defaultStatus":"affected","product":"Confidential Compute Attestation","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:migration_toolkit_applications:8"],"defaultStatus":"affected","product":"Migration Toolkit for Applications 8","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:rhmt:1"],"defaultStatus":"affected","product":"Migration Toolkit for Containers","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:network_observ_optr:1"],"defaultStatus":"affected","product":"Network Observability Operator","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift_lightspeed"],"defaultStatus":"affected","product":"OpenShift Lightspeed","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift_pipelines:1"],"defaultStatus":"affected","product":"OpenShift Pipelines","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:serverless:1"],"defaultStatus":"affected","product":"OpenShift Serverless","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:ansible_automation_platform:2"],"defaultStatus":"affected","product":"Red Hat Ansible Automation Platform 2","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:podman_desktop:1"],"defaultStatus":"affected","product":"Red Hat Build of Podman Desktop","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:podman_desktop:0"],"defaultStatus":"affected","product":"Red Hat Build of Podman Desktop - Tech Preview","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:jboss_data_grid:8"],"defaultStatus":"affected","product":"Red Hat Data Grid 8","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:edge_manager:1"],"defaultStatus":"affected","product":"Red Hat Edge Manager 1","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:9"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux 9","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:enterprise_linux_ai:3"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux AI (RHEL AI) 3","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift_ai"],"defaultStatus":"affected","product":"Red Hat OpenShift AI (RHOAI)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift:4"],"defaultStatus":"affected","product":"Red Hat OpenShift Container Platform 4","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift_data_foundation:4"],"defaultStatus":"affected","product":"Red Hat Openshift Data Foundation 4","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift_devspaces:3"],"defaultStatus":"affected","product":"Red Hat OpenShift Dev Spaces","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:quay:3"],"defaultStatus":"affected","product":"Red Hat Quay 3","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:satellite:6"],"defaultStatus":"affected","product":"Red Hat Satellite 6","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:ansible_portal:2"],"defaultStatus":"affected","product":"Self-service automation portal 2","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:cryostat:4"],"defaultStatus":"unaffected","product":"Cryostat 4","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:amq_broker:7"],"defaultStatus":"unaffected","product":"Red Hat AMQ Broker 7","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:apache_camel_hawtio:4"],"defaultStatus":"unaffected","product":"Red Hat build of Apache Camel - HawtIO 4","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:container_native_virtualization:4"],"defaultStatus":"unaffected","product":"Red Hat OpenShift Virtualization 4","vendor":"Red Hat"}],"datePublic":"2026-05-05T10:29:16.378Z","descriptions":[{"lang":"en","value":"A flaw was found in fast-uri. A remote attacker could exploit this vulnerability by crafting a malicious Uniform Resource Identifier (URI) that contains percent-encoded authority delimiters. The fast-uri library incorrectly decodes these delimiters during normalization and then re-emits them as raw separators, which can change the URI's intended authority. This issue allows applications that perform host allowlist checks, redirect validation, or outbound request routing to be steered to a different authority than specified, potentially bypassing security controls."}],"metrics":[{"other":{"content":{"namespace":"https://access.redhat.com/security/updates/classification/","value":"Important"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"NONE","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-140","description":"Improper Neutralization of Delimiters","lang":"en","type":"CWE"}]}],"references":[{"tags":["vdb-entry","x_refsource_REDHAT"],"url":"https://access.redhat.com/security/cve/CVE-2026-6322"},{"name":"RHBZ#2466684","tags":["issue-tracking","x_refsource_REDHAT"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2466684"},{"tags":["x_sadp-csaf-vex"],"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6322.json"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:34160"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:34342"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:37385"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:25273"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:34374"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:36754"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:26234"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:29197"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:36651"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:34766"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:29800"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:34770"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:29834"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:29796"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:29795"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:33683"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:30076"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:28571"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:26225"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:25271"}],"solutions":[{"lang":"en","value":"RHSA-2026:34160: Red Hat Ansible Automation Platform 2.6 for RHEL 9"},{"lang":"en","value":"RHSA-2026:34342: Cluster Observability Operator 1.5.0"},{"lang":"en","value":"RHSA-2026:37385: Red Hat Enterprise Linux Extensions Channel (v. 10)"},{"lang":"en","value":"RHSA-2026:25273: Red Hat Advanced Cluster Management for Kubernetes 2.16"},{"lang":"en","value":"RHSA-2026:34374: Red Hat Ansible Automation Platform 2.6"},{"lang":"en","value":"RHSA-2026:36754: Red Hat Developer Hub 1.10"},{"lang":"en","value":"RHSA-2026:26234: Red Hat Developer Hub 1.9"},{"lang":"en","value":"RHSA-2026:29197: Red Hat Discovery 2"},{"lang":"en","value":"RHSA-2026:36651: Red Hat Edge Manager 1.0"},{"lang":"en","value":"RHSA-2026:34766: Red Hat OpenShift Container Platform 4.19"},{"lang":"en","value":"RHSA-2026:29800: Red Hat OpenShift Container Platform 4.20"},{"lang":"en","value":"RHSA-2026:34770: Red Hat OpenShift Container Platform 4.21"},{"lang":"en","value":"RHSA-2026:29834: Red Hat OpenShift Container Platform 4.21"},{"lang":"en","value":"RHSA-2026:29796: Red Hat OpenShift Container Platform 4.22"},{"lang":"en","value":"RHSA-2026:29795: Red Hat OpenShift Container Platform 4.22"},{"lang":"en","value":"RHSA-2026:33683: Red Hat Quay 3.10"},{"lang":"en","value":"RHSA-2026:30076: Red Hat Quay 3.12"},{"lang":"en","value":"RHSA-2026:28571: Red Hat Quay 3.9"},{"lang":"en","value":"RHSA-2026:26225: Red Hat Satellite 6.18"},{"lang":"en","value":"RHSA-2026:25271: multicluster engine for Kubernetes 2.11"}],"timeline":[{"lang":"en","time":"2026-05-05T11:01:00.332Z","value":"Reported to Red Hat."},{"lang":"en","time":"2026-05-05T10:29:16.378Z","value":"Made public."}],"title":"fast-uri: fast-uri: URI authority bypass due to improper delimiter handling","x_adpType":"supplier","x_generator":{"engine":"sadp-cli 1.0.0"},"providerMetadata":{"orgId":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","shortName":"redhat-SADP","dateUpdated":"2026-07-10T12:06:08.062Z"}}]}}