Q: What is the severity of CVE-2026-7768?

CVE-2026-7768 has a CVSS Base Score of 7.5/10 and is classified as High severity. It is important to assess the risk based on your specific environment.

Q: How do I fix CVE-2026-7768?

Remediation typically involves updating the affected software products to the latest patched version. Refer to the 'Affected Products' and 'Remediation' sections on this page for specific mitigation steps and vendor advisories.

Question 1

What is CVE-2026-7768?

Accepted Answer

@fastify/accepts-serializer cached serializer-selection results keyed by the request Accept header without a size limit or eviction policy. A remote unauthenticated client could send many distinct but matching Accept header variants to make the cache grow unbounded, eventually exhausting the Node.js heap and crashing the process. Versions <= 6.0.3 are affected. Update to 6.0.4 or later, which bounds the cache via an LRU with a default size of 100 entries, configurable through the new cacheSize plugin option.

Question 2

What is the severity of CVE-2026-7768?

Accepted Answer

CVE-2026-7768 has a CVSS Base Score of 7.5/10 and is classified as High severity. It is important to assess the risk based on your specific environment.

Question 3

How do I fix CVE-2026-7768?

Accepted Answer

Remediation typically involves updating the affected software products to the latest patched version. Refer to the 'Affected Products' and 'Remediation' sections on this page for specific mitigation steps and vendor advisories.

CVE-2026-7768

Exploitation Probability (EPSS)

7-Day Exploitation Trend

Vulnerability Timeline

Threat Actor Attribution

Remediation & Mitigation

References

Am I Vulnerable?

Share This Page

Vulnerability Details

Need API Access?

Need Manual Validation?