fast-uri <=3.1.1 URI Normalization Bypass via Percent-Decoded @
CVE-2026-6322 Published on May 5, 2026

fast-uri vulnerable to host confusion via percent-encoded authority delimiters
fast-uri normalize() decoded percent-encoded authority delimiters inside the host component and then re-emitted them as raw delimiters during serialization. A host that combined an allowed domain, an encoded at-sign, and a different domain was re-emitted with the at-sign as a raw userinfo separator, changing the URI's authority to the second domain. Applications that normalize untrusted URLs before host allowlist checks, redirect validation, or outbound request routing can be steered to a different authority than the input appeared to specify. Versions <= 3.1.1 are affected. Update to 3.1.2 or later.
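The defensive check that follows is an added example, not fast-uri's or Red Hat's code: it extracts the host exactly as written, rejects hosts that carry percent-encoded authority delimiters, and refuses any normalizer output whose host differs from the input's. `decodingNormalizer` is a constructed stand-in that mimics the defect described above so the guard can be exercised offline; the `.example` host names are constructed as well.

```javascript
// RFC 3986 appendix B: scheme, authority, path, query, fragment.
const RFC3986 = /^(?:([^:/?#]+):)?(?:\/\/([^/?#]*))?([^?#]*)(?:\?([^#]*))?(?:#(.*))?$/;

// Host component of the authority as written, with nothing decoded.
function rawHost(uri) {
  const m = RFC3986.exec(uri);
  if (!m || m[2] === undefined) return null;
  let auth = m[2];
  const at = auth.lastIndexOf('@');            // strip userinfo
  if (at !== -1) auth = auth.slice(at + 1);
  if (auth.startsWith('[')) {                   // IPv6 literal keeps brackets
    const close = auth.indexOf(']');
    return close === -1 ? null : auth.slice(0, close + 1);
  }
  const colon = auth.indexOf(':');              // strip port
  return colon === -1 ? auth : auth.slice(0, colon);
}

// Percent-encoded forms of the authority delimiters @ : / ? # [ ]
const ENCODED_DELIM = /%(40|3a|2f|3f|23|5b|5d)/i;

function hasEncodedDelimiterInHost(uri) {
  const h = rawHost(uri);
  return h !== null && ENCODED_DELIM.test(h);
}

// Run `normalize` (any normalizer function) and refuse its output unless the
// host is byte-for-byte what the caller's input spelled out.
function normalizeGuarded(uri, normalize) {
  if (hasEncodedDelimiterInHost(uri)) {
    throw new Error('host contains a percent-encoded authority delimiter');
  }
  const before = rawHost(uri);
  const out = normalize(uri);
  const after = rawHost(out);
  if (after !== before) {
    throw new Error(`normalization changed host: ${before} -> ${after}`);
  }
  return out;
}

// Constructed stand-in with the advisory's defect: decodes the authority and
// re-emits the decoded characters raw. Not fast-uri's implementation.
function decodingNormalizer(uri) {
  const m = RFC3986.exec(uri);
  if (!m || m[2] === undefined) return uri;
  const start = uri.indexOf('//') + 2;
  return uri.slice(0, start) + decodeURIComponent(m[2]) + uri.slice(start + m[2].length);
}
```

Use the same raw-host comparison after any normalization step that precedes an allowlist or redirect check; the upgrade to 3.1.2 fixes the library, and the guard catches a regression or another library with the same behaviour.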


Vulnerability Analysis

CVE-2026-6322 is exploitable with network access and requires neither privileges nor user interaction. Attack complexity is rated low. Exploitation is rated as having no impact on confidentiality, a high impact on integrity, and no impact on availability.

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE

Weakness Types

Interpretation Conflict

Product A handles inputs or steps differently than Product B, which causes A to perform incorrect actions based on its perception of B's state. This is generally found in proxies, firewalls, anti-virus software, and other intermediary devices that monitor, allow, deny, or modify traffic based on how the client or server is expected to behave.

Improper Neutralization of Delimiters

The software does not neutralize or incorrectly neutralizes delimiters.


Products Associated with CVE-2026-6322


Affected Versions

fast-uri, as shipped in:
Red Hat Advanced Cluster Management for Kubernetes 2.16
Red Hat Developer Hub 1.9
Red Hat Discovery 2
Red Hat Quay 3.12
Red Hat Quay 3.9
Red Hat Satellite 6.18
Red Hat multicluster engine for Kubernetes 2.11
Red Hat Confidential Compute Attestation
Red Hat Migration Toolkit for Applications 8
Red Hat Migration Toolkit for Containers
Red Hat Network Observability Operator
Red Hat OpenShift Lightspeed
Red Hat OpenShift Pipelines
Red Hat OpenShift Serverless
Red Hat Ansible Automation Platform 2
Red Hat Build of Podman Desktop
Red Hat Build of Podman Desktop - Tech Preview
Red Hat Data Grid 8
Red Hat Edge Manager 1
Red Hat Enterprise Linux 10
Red Hat Enterprise Linux 9
Red Hat Enterprise Linux AI (RHEL AI) 3
Red Hat OpenShift AI (RHOAI)
Red Hat OpenShift Container Platform 4
Red Hat Openshift Data Foundation 4
Red Hat OpenShift Dev Spaces
Red Hat OpenShift Virtualization 4
Red Hat Quay 3
Red Hat Satellite 6
Red Hat Self-service automation portal 2
Red Hat Cryostat 4
Red Hat AMQ Broker 7
Red Hat build of Apache Camel - HawtIO 4

Exploit Probability

EPSS: 0.28%
Percentile: 19.29%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows how this score ranks against all other scored vulnerabilities.