Lucene search
K

387 matches found

OSV
OSV
added 2026/02/24 9:8 p.m.6 views

CVE-2026-25891 Fiber has an Arbitrary File Read in Static Middleware on Windows

Fiber is an Express inspired web framework written in Go. A Path Traversal CWE-22 vulnerability in Fiber allows a remote attacker to bypass the static middleware sanitizer and read arbitrary files on the server file system on Windows. This affects Fiber v3 through version 3.0.0. This has been...

8.7CVSS5.8AI score0.00618EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/02/24 9:8 p.m.4 views

CVE-2026-25891

Fiber is an Express inspired web framework written in Go. A Path Traversal CWE-22 vulnerability in Fiber allows a remote attacker to bypass the static middleware sanitizer and read arbitrary files on the server file system on Windows. This affects Fiber v3 through version 3.0.0. This has been...

8.7CVSS5.9AI score0.00618EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/24 9:8 p.m.5 views

CVE-2026-25891 Fiber has an Arbitrary File Read in Static Middleware on Windows

Fiber is an Express inspired web framework written in Go. A Path Traversal CWE-22 vulnerability in Fiber allows a remote attacker to bypass the static middleware sanitizer and read arbitrary files on the server file system on Windows. This affects Fiber v3 through version 3.0.0. This has been...

8.7CVSS5.7AI score0.00618EPSS
Exploits1References3
CVE
CVE
added 2026/02/24 9:8 p.m.18 views

CVE-2026-25891

This CVE affects the Go web framework Fiber (v3 up to 3.0.0) and allows a remote attacker to perform a path traversal to bypass the static middleware sanitizer and read arbitrary files on Windows. Root cause: improper validation in static middleware enabling directory traversal (CWE-22). Impact: ...

8.7CVSS5.7AI score0.00618EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/02/24 9:8 p.m.24 views

CVE-2026-25891 Fiber has an Arbitrary File Read in Static Middleware on Windows

Fiber is an Express inspired web framework written in Go. A Path Traversal CWE-22 vulnerability in Fiber allows a remote attacker to bypass the static middleware sanitizer and read arbitrary files on the server file system on Windows. This affects Fiber v3 through version 3.0.0. This has been...

8.7CVSS0.00618EPSS
Exploits1References3
CVE
CVE
added 2026/02/24 9:5 p.m.13 views

CVE-2026-25882

Fiber (Go) has a Denial of Service vulnerability (CVE-2026-25882) affecting v2 and v3: routing mismatch with more than 30 parameters can crash the app due to missing validation during route registration and an unbounded array write during request matching. Affected versions are v2 prior to 2.52.1...

7.5CVSS5.6AI score0.00594EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/24 9:5 p.m.6 views

CVE-2026-25882 Fiber has a Denial of Service Vulnerability via Route Parameter Overflow

Fiber is an Express inspired web framework written in Go. A denial of service vulnerability exists in Fiber v2 and v3 that allows remote attackers to crash the application by sending requests to routes with more than 30 parameters. The vulnerability results from missing validation during route...

6.9CVSS5.6AI score0.00594EPSS
Exploits1References4
OSV
OSV
added 2026/02/24 9:5 p.m.7 views

CVE-2026-25882 Fiber has a Denial of Service Vulnerability via Route Parameter Overflow

Fiber is an Express inspired web framework written in Go. A denial of service vulnerability exists in Fiber v2 and v3 that allows remote attackers to crash the application by sending requests to routes with more than 30 parameters. The vulnerability results from missing validation during route...

6.9CVSS5.7AI score0.00594EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2026/02/24 9:5 p.m.2 views

CVE-2026-25882

Fiber is an Express inspired web framework written in Go. A denial of service vulnerability exists in Fiber v2 and v3 that allows remote attackers to crash the application by sending requests to routes with more than 30 parameters. The vulnerability results from missing validation during route...

7.5CVSS5.9AI score0.00594EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2026/02/24 9:5 p.m.24 views

CVE-2026-25882 Fiber has a Denial of Service Vulnerability via Route Parameter Overflow

Fiber is an Express inspired web framework written in Go. A denial of service vulnerability exists in Fiber v2 and v3 that allows remote attackers to crash the application by sending requests to routes with more than 30 parameters. The vulnerability results from missing validation during route...

6.9CVSS0.00594EPSS
Exploits1References4
OSV
OSV
added 2026/02/24 9:4 p.m.6 views

GHSA-MRQ8-RJMW-WPQ3 Fiber has a Denial of Service Vulnerability via Route Parameter Overflow

A denial of service vulnerability exists in Fiber v2 and v3 that allows remote attackers to crash the application by sending requests to routes with more than 30 parameters. The vulnerability results from missing validation during route registration combined with an unbounded array write during...

8.2CVSS6AI score0.00594EPSS
Exploits1References7
Github Security Blog
Github Security Blog
added 2026/02/24 9:4 p.m.7 views

Fiber has a Denial of Service Vulnerability via Route Parameter Overflow

A denial of service vulnerability exists in Fiber v2 and v3 that allows remote attackers to crash the application by sending requests to routes with more than 30 parameters. The vulnerability results from missing validation during route registration combined with an unbounded array write during...

7.5CVSS5.9AI score0.00594EPSS
Exploits1References7Affected Software2
OSV
OSV
added 2026/02/24 8:57 p.m.5 views

GHSA-2MR3-M5Q5-WGP6 Fiber is Vulnerable to Denial of Service via Flash Cookie Unbounded Allocation

Summary The use of the fiberflash cookie can force an unbounded allocation on any server. A crafted 10-character cookie value triggers an attempt to allocate up to 85GB of memory via unvalidated msgpack deserialization. No authentication is required. Every GoFiber v3 endpoint is affected regardle...

7.5CVSS5.9AI score0.00396EPSS
Exploits1References5
Snyk
Snyk
added 2026/02/24 8:57 p.m.3 views

Memory Allocation with Excessive Size Value

Overview github.com/gofiber/fiber/v3 is an Express inspired web framework written in Go. Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the parseAndClearFlashMessages function. An attacker can cause excessive memory allocation by sending a...

8.7CVSS6AI score0.00396EPSS
Exploits1References2
OSV
OSV
added 2026/02/24 8:51 p.m.8 views

GHSA-M3C2-496V-CW3V Fiber has an Arbitrary File Read in Static Middleware on Windows

Summary Description A Path Traversal CWE-22 vulnerability in Fiber allows a remote attacker to bypass the static middleware sanitizer and read arbitrary files on the server file system on Windows. This affects Fiber v3 through version 3.0.0. This has been patched in Fiber v3 version 3.1.0. Detail...

8.7CVSS7.2AI score0.00618EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2026/02/24 8:51 p.m.15 views

Fiber has an Arbitrary File Read in Static Middleware on Windows

Summary Description A Path Traversal CWE-22 vulnerability in Fiber allows a remote attacker to bypass the static middleware sanitizer and read arbitrary files on the server file system on Windows. This affects Fiber v3 through version 3.0.0. This has been patched in Fiber v3 version 3.1.0. Detail...

8.7CVSS7.2AI score0.00618EPSS
Exploits1References6Affected Software1
CNNVD
CNNVD
added 2026/02/24 12:0 a.m.9 views

Fiber 安全漏洞

Fiber is an open-source web framework written in Go language. Versions of Fiber prior to 3.1.0 have a security vulnerability. This vulnerability stems from the fiberflash cookie, which can trigger excessive memory allocation through unvalidated msgpack deserialization, potentially leading to...

7.5CVSS5.8AI score0.00396EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/02/24 12:0 a.m.9 views

Fiber 路径遍历漏洞

Fiber is an open-source web framework written in Go. Versions of Fiber v3 and earlier have a path traversal vulnerability. This vulnerability arises from the possibility of bypassing the static middleware cleaner, which may lead to the reading of arbitrary files on the Windows server file system...

8.7CVSS7.4AI score0.00618EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/02/24 12:0 a.m.12 views

Fiber 安全漏洞

Fiber is an open-source web framework written in Go. Versions of Fiber prior to 2.52.12 and 3.1.0 contain security vulnerabilities. These vulnerabilities stem from lack of validation during route registration and unbounded array writes during request matching, which may lead to application crashe...

7.5CVSS5.8AI score0.00594EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/02/24 12:0 a.m.9 views

PT-2026-21801

Name of the Vulnerable Software and Affected Versions Fiber versions prior to 2.52.12 Fiber versions prior to 3.0.1 Description Fiber is an Express inspired web framework written in Go. A denial of service issue exists in Fiber that allows remote attackers to crash the application by sending...

9.9CVSS6.1AI score0.27661EPSS
Exploits45References124
Rows per page
Query Builder