CVE-2026-2293 – NestJS 11.1.13 – Lack of data validation allowing authentication/authorization bypass

CVE ID : CVE-2026-2293

Published : Feb. 27, 2026, 4:15 p.m. | 57 minutes ago

Description : A NestJS application using @nestjs/platform-fastify can allow bypass of authentication/authorization middleware when Fastify path-normalization options are enabled.

This issue affects nest.Js: 11.1.13.

Severity: 8.2 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…