diff --git a/fuzz/Cargo.toml b/fuzz/Cargo.toml
new file mode 100644
index 0000000000..29fb21cf5d
--- /dev/null
+++ b/fuzz/Cargo.toml
@@ -0,0 +1,19 @@
+[package]
+name = "rocket-fuzz"
+version = "0.0.0"
+edition = "2021"
+publish = false
+
+[package.metadata]
+cargo-fuzz = true
+
+[dependencies]
+libfuzzer-sys = "0.4"
+http = "1"
+bytes = "1"
+
+[[bin]]
+name = "fuzz_uri"
+path = "fuzz_targets/fuzz_uri.rs"
+test = false
+doc = false
diff --git a/fuzz/fuzz_targets/fuzz_uri.rs b/fuzz/fuzz_targets/fuzz_uri.rs
new file mode 100644
index 0000000000..9fc8edc9ef
--- /dev/null
+++ b/fuzz/fuzz_targets/fuzz_uri.rs
@@ -0,0 +1,9 @@
+#![no_main]
+use libfuzzer_sys::fuzz_target;
+use bytes::Bytes;
+use http::Uri;
+
+fuzz_target!(|data: &[u8]| {
+    // Rocket URI/route parsing — pre-auth
+    let _ = Uri::from_maybe_shared(Bytes::copy_from_slice(data));
+});