HomeCVE Intelligence › CVE-2026-6322
CVSS 7.5 HIGH Vulnerability

CVE-2026-6322: fast-uri vulnerable to host confusion via percent-encoded authority delimiters

Impact fast-uri v3.1.1 and earlier decodes percent-encoded authority delimiters (%40 as @, %3A as :) inside the host component and serializes them back as raw characters. This changes the URI structure, turning a hostna…

7.5CVSS Score
HIGHSeverity
NOCISA KEV
VulnerabilityImpact Type

📋 Vulnerability Details

CVE IDCVE-2026-6322
Vendornpm
Affected Productfast-uri
Vulnerability TypeVulnerability
CVSS Score7.5 (HIGH)
Actively Exploited❌ No known exploitation
Patch StatusSee Vendor Advisory →
Reported ByCYBERDUDEBIVASH SENTINEL APEX Intelligence (via github_advisories)

🔬 Technical Analysis

#

Impact fast-uri v3.1.1 and earlier decodes percent-encoded authority delimiters (%40 as @, %3A as :) inside the host component and serializes them back as raw characters. This changes the URI structure, turning a hostname into userinfo plus a different host. For example, http://trusted.com%40evil.com/ normalizes to http://trusted.com@evil.com/, which reparses as host evil.com with userinfo trusted.com. Applications that normalize untrusted URLs before host allowlist checks, redirect validation, or outbound request routing can be steered to a different authority than the original URL appeared to contain.

Patches Upgrade to fast-uri >= 3.1.2.

Workarounds None. Upgrade to the patched version.

🎯 Known Indicators of Compromise

{"type":"url","value":"http://trusted.com%40evil.com/`","confidence_score":0.82,"first_seen":"2026-05-08","source_count":1} {"type":"url","value":"http://trusted.com@evil.com/`,","confidence_score":0.82,"first_seen":"2026-05-08","source_count":1} {"type":"domain","value":"trusted.com","confidence_score":0.75,"first_seen":"2026-05-08","source_count":1} {"type":"domain","value":"40evil.com","confidence_score":0.75,"first_seen":"2026-05-08","source_count":1} {"type":"domain","value":"evil.com","confidence_score":0.75,"first_seen":"2026-05-08","source_count":1}

📚 Advisory References

⚡ DETECTION RULES AVAILABLE

Get CVE-2026-6322 Detection Pack

Sigma rules, YARA signatures, IOC table, and SIEM queries for Splunk, Elastic, Sentinel, and Chronicle — deployable in 5 minutes.

✓ Sigma Rules ✓ YARA Pack ✓ IOC Table ✓ SIEM Queries
🛡️ Get Detection Pack → 🔌 Access via API →

🔗 Related Intelligence