CVE-2026-33806

high

Red Hat

CVSS v3 Base Score

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS Score

0.0%

Exploitation probability in 30 days

Top 87% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Confidentiality

None

Integrity

High

Availability

None

Published: April 15, 2026 (29 days ago)

Last Modified: April 15, 2026

Vendor: Red Hat

Source: REDHAT

Description

A flaw was found in Fastify. A remote attacker could exploit this vulnerability by prepending a space to the Content-Type header in a request. This action bypasses the application's schema validation, allowing the attacker to submit data that would otherwise be rejected. This could lead to unexpected data processing and potential integrity issues within the application.

CWE

CWE-1289

Affected Products

Red Hat Enterprise Linux AI (RHEL AI) 3Red Hat OpenShift AI (RHOAI)Red Hat OpenShift Dev Spaces

References

🔗 bugzilla.redhat.com 🔗 www.cve.org 🔗 nvd.nist.gov 🔗 cna.openjsf.org 🔗 github.com

CVE-2026-33806

Vulnerability Report

Description

CWE

Affected Products

References