Q: What is the severity of CVE-2026-6322?

CVE-2026-6322 has a CVSS Base Score of 7.5/10 and is classified as High severity. It is important to assess the risk based on your specific environment.

Q: How do I fix CVE-2026-6322?

Remediation typically involves updating the affected software products to the latest patched version. Refer to the 'Affected Products' and 'Remediation' sections on this page for specific mitigation steps and vendor advisories.

Question 1

What is CVE-2026-6322?

Accepted Answer

fast-uri normalize() decoded percent-encoded authority delimiters inside the host component and then re-emitted them as raw delimiters during serialization. A host that combined an allowed domain, an encoded at-sign, and a different domain was re-emitted with the at-sign as a raw userinfo separator, changing the URI's authority to the second domain. Applications that normalize untrusted URLs before host allowlist checks, redirect validation, or outbound request routing can be steered to a different authority than the input appeared to specify. Versions <= 3.1.1 are affected. Update to 3.1.2 or later.

Question 2

What is the severity of CVE-2026-6322?

Accepted Answer

CVE-2026-6322 has a CVSS Base Score of 7.5/10 and is classified as High severity. It is important to assess the risk based on your specific environment.

Question 3

How do I fix CVE-2026-6322?

Accepted Answer

Remediation typically involves updating the affected software products to the latest patched version. Refer to the 'Affected Products' and 'Remediation' sections on this page for specific mitigation steps and vendor advisories.

CVE-2026-6322

Exploitation Probability (EPSS)

7-Day Exploitation Trend

Vulnerability Timeline

Threat Actor Attribution

Remediation & Mitigation

References

Am I Vulnerable?

Share This Page

Vulnerability Details

Need API Access?

Need Manual Validation?