CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-44373

Nitro is a next generation server toolkit. Prior to 3.0.260429-beta, an attacker could bypass a proxy route rule by sending percent-encoded path traversal (..%2f) in the URL, causing Nitro to forward a request that the upstream resolved outside the configured scope. This vulnerability is fixed in 3.0.260429-beta.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 13.6%

CVSS Severity

CVSS v3 Score 5.3

References

https://github.com/nitrojs/nitro/pull/4222
https://github.com/nitrojs/nitro/pull/4223
https://github.com/nitrojs/nitro/releases/tag/v2.13.4
https://github.com/nitrojs/nitro/releases/tag/v3.0.260429-beta
https://github.com/nitrojs/nitro/security/advisories/GHSA-5w89-w975-hf9q

Products affected by CVE-2026-44373

Nitro » Nitro » Version: Any

cpe:2.3:a:nitro:nitro:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-44373

Products

Pricing

Contact Us