CVE-2026-3635
CVSS v3 Base Score
6.1 (medium)
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
Attack Characteristics
Attack Vector
Adjacent
Attack Complexity
High
Privileges Required
None
User Interaction
None
Confidentiality
High
Integrity
None
Availability
None
Published: March 23, 2026
Last Modified: March 23, 2026
Vendor: Red Hat
Source: REDHAT
Vulnerability Report
Generated by CyberWatcher
Description
A flaw was found in fastify. When the trustProxy option is configured with a restrictive trust function, such as a specific IP, a subnet, a hop count or a custom function, the request.protocol and request.host getters read X-Forwarded-Proto and X-Forwarded-Host headers from any connection, including connections from untrusted IPs. This allows an attacker connecting directly to the server, bypassing the proxy, to spoof both the protocol and host seen by the application.
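As an added illustration that is not fastify's own code, the following contrasts the behaviour the advisory describes (X-Forwarded-* read from any connection) with a resolver that consults those headers only after the trust function accepts the peer address. The request object, the proxy address 10.0.0.2 and the header values are constructed for the example.

```javascript
// Added example (not fastify's own code): why forwarded headers must be gated
// on a trust decision about the peer that sent them.
// Trust function in the style the advisory describes: trust one proxy address.
// 10.0.0.2 is a constructed placeholder for the reverse proxy.
function trustOnlyProxy(remoteAddress) {
  return remoteAddress === '10.0.0.2';
}

// Use only the first hop of a comma-separated forwarded header value.
function firstHop(value) {
  if (typeof value !== 'string') return undefined;
  const hop = value.split(',')[0].trim();
  return hop.length > 0 ? hop : undefined;
}

// Values derived from the connection itself, never from X-Forwarded-* headers.
function connectionValues(req) {
  return {
    protocol: req.socket.encrypted ? 'https' : 'http',
    host: req.headers['host'],
  };
}

// The behaviour the advisory describes: X-Forwarded-* honoured for any peer,
// so a client that reaches the server directly controls both values.
function resolveUnconditional(req) {
  const direct = connectionValues(req);
  return {
    protocol: firstHop(req.headers['x-forwarded-proto']) || direct.protocol,
    host: firstHop(req.headers['x-forwarded-host']) || direct.host,
  };
}

// Hardened: consult X-Forwarded-* only when the peer passes the trust function,
// and accept only a well-formed protocol value from it.
function resolveTrusted(req, trust) {
  const direct = connectionValues(req);
  if (!trust(req.socket.remoteAddress)) return direct;
  const proto = firstHop(req.headers['x-forwarded-proto']);
  return {
    protocol: proto === 'http' || proto === 'https' ? proto : direct.protocol,
    host: firstHop(req.headers['x-forwarded-host']) || direct.host,
  };
}

// Constructed request object carrying only the fields the resolvers read.
function makeRequest(remoteAddress, headers, encrypted = false) {
  return { socket: { remoteAddress, encrypted }, headers };
}
```

For a request from an untrusted address carrying X-Forwarded-Host, resolveUnconditional returns the forwarded value while resolveTrusted returns the connection's own Host header; for a request from 10.0.0.2 both use the first hop of the forwarded headers.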
CWE
CWE-348
Affected Products
Red Hat Enterprise Linux AI (RHEL AI) 3
Red Hat OpenShift AI (RHOAI)
Red Hat OpenShift Dev Spaces