Chimurai Http-proxy-middleware — known CVE vulnerabilities
Every CVE whose affected-product data names Chimurai Http-proxy-middleware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2026-55602 — CVSS 8.6 (high): http-proxy-middleware is node.js http-proxy middleware. From 0.16.0 until 2.0.10, 3.0.6, and 4.1.0, http-proxy-middleware documents router…
CVE-2024-21536 — CVSS 7.5 (high): Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service (DoS) due to an…
CVE-2026-55603 — CVSS 7.5 (high): http-proxy-middleware is node.js http-proxy middleware. From 3.0.4 until 3.0.7 and 4.1.1, fixRequestBody() is the library's documented…
CVE-2025-32996 — CVSS 4.0 (medium): In http-proxy-middleware before 2.0.8 and 3.x before 3.0.4, writeBody can be called twice because "else if" is not used.
CVE-2025-32997 — CVSS 4.0 (medium): In http-proxy-middleware before 2.0.9 and 3.x before 3.0.5, fixRequestBody proceeds even if bodyParser has failed.