Every CVE whose affected-product data names Openjsf Fast-uri, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2026-13676 — CVSS 7.5 (high): fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode (IDN) hostnames for HTTP-family URLs. The IDN conversion path…
CVE-2026-6321 — CVSS 7.5 (high): fast-uri decoded percent-encoded path separators and dot segments before applying dot-segment removal in its normalize() and equal()…
CVE-2026-6322 — CVSS 7.5 (high): fast-uri normalize() decoded percent-encoded authority delimiters inside the host component and then re-emitted them as raw delimiters…