{
  "threat_severity" : "Important",
  "public_date" : "2026-04-15T10:13:25Z",
  "bugzilla" : {
    "description" : "@fastify/reply-from: @fastify/http-proxy: Fastify Reply From and HTTP Proxy: Security bypass via Connection header manipulation",
    "id" : "2458651",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2458651"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.4",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-444",
  "details" : [ "@fastify/reply-from v12.6.1 and earlier and @fastify/http-proxy v11.4.3 and earlier process the client's Connection header after the proxy has added its own headers via rewriteRequestHeaders. This allows attackers to retroactively strip proxy-added headers from upstream requests by listing them in the Connection header value. Any header added by the proxy for routing, access control, or security purposes can be selectively removed by a client. @fastify/http-proxy is also affected as it delegates to @fastify/reply-from. \nUpgrade to @fastify/reply-from v12.6.2 or @fastify/http-proxy v11.4.4 or later.", "A flaw was found in @fastify/reply-from and @fastify/http-proxy. A remote attacker can exploit this vulnerability by manipulating the Connection header in client requests. This allows the attacker to remove specific headers that the proxy has added for security, routing, or access control purposes. Consequently, an attacker could bypass security mechanisms or gain unauthorized access to resources." ],
  "statement" : "An Important flaw exists in @fastify/reply-from and @fastify/http-proxy, allowing a remote attacker to bypass security, routing, or access control mechanisms. This is achieved by manipulating the Connection header in client requests, which can remove critical proxy-added headers. If reply-from or http-proxy are being used to add security relevant headers the attacker may be able to remove such information resulting in authentication bypass, privilege escalations or the possibility of jeopardize any further security control which depends on the removed request headers. This vulnerability have a high attack complexity rate as the attacker needs to intercept the communication between the client and the server to be able to manipulate the headers.",
  "affected_release" : [ {
    "product_name" : "Red Hat OpenShift Dev Spaces 3.27",
    "release_date" : "2026-04-23T00:00:00Z",
    "advisory" : "RHSA-2026:10175",
    "cpe" : "cpe:/a:redhat:openshift_devspaces:3.27::el9",
    "package" : "devspaces/dashboard-rhel9:1776795511"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Not affected",
    "package_name" : "rhoai/odh-dashboard-rhel8",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Affected",
    "package_name" : "rhoai/odh-dashboard-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Affected",
    "package_name" : "rhoai/odh-mod-arch-gen-ai-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Affected",
    "package_name" : "rhoai/odh-mod-arch-maas-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Affected",
    "package_name" : "rhoai/odh-mod-arch-model-registry-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-33805\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-33805\nhttps://cna.openjsf.org/security-advisories.html\nhttps://github.com/fastify/fastify-reply-from/security/advisories/GHSA-gwhp-pf74-vj37" ],
  "name" : "CVE-2026-33805",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}