CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-59731

highCVSS 8.2covered by 1 sourcefirst seen 2026-07-08
Astro is a web framework for content-driven websites. Version 6.4.7 performs authorization decisions on a partially decoded pathname after reaching the iterative URL decoder limit, while later rewrite route matching performs an additional decodeURI() operation and can resolve the request to a protected route. This issue is fixed in version 6.4.8.

⚡ Watch CVE-2026-59731

Get an email if CVE-2026-59731 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (1)

External references

NVD record for CVE-2026-59731

CVE.org record

Embed the live status

CVE-2026-59731 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-59731 status](https://www.csirts.com/badge/CVE-2026-59731)](https://www.csirts.com/cve/CVE-2026-59731)