64 matches found

NVD
added 2026/05/11 11:19 p.m. | 9 views

CVE-2026-42554

Fiber is a web framework for Go. Prior to 2.52.12 and 3.1.0, Cross-Site Scripting vulnerability in Go Fiber allows a remote attacker to inject arbitrary HTML/JavaScript by supplying Accept: text/html on any request whose handler passes attacker-influenced data to the AutoFormat feature. The...

6.1 CVSS | 0.00212 EPSS
Exploits 1 | References 1
Cvelist
added 2026/05/11 9:47 p.m. | 31 views

CVE-2026-42554 Fiber: XSS in AutoFormat Content Negotiation

Fiber is a web framework for Go. Prior to 2.52.12 and 3.1.0, Cross-Site Scripting vulnerability in Go Fiber allows a remote attacker to inject arbitrary HTML/JavaScript by supplying Accept: text/html on any request whose handler passes attacker-influenced data to the AutoFormat feature. The...

5.3 CVSS | 0.00212 EPSS
Exploits 1 | References 1
CVE
added 2026/05/11 9:47 p.m. | 14 views

CVE-2026-42554

CVE-2026-42554 describes an XSS in Fiber’s AutoFormat content negotiation. Affected: GoFiber/v3 up to 3.1.0 and GoFiber/v2 up to 2.52.12. Root cause: the html branch of AutoFormat can emit raw, attacker-influenced data wrapped in HTML when the client sends Accept: text/html, enabling injection of...

6.1 CVSS | 6 AI score | 0.00212 EPSS
Exploits 1 | References 1 | Affected Software 1
CNNVD
added 2026/05/11 12:0 a.m. | 6 views

Fiber Cross-Site Scripting Vulnerability

Fiber is an open-source web framework written in Go. Versions of Fiber prior to 2.52.12 and 3.1.0 contain a cross-site scripting vulnerability. This vulnerability stems from cross-site scripting, allowing remote attackers to inject arbitrary HTML/JavaScript into any request by providing Accept:...

6.1 CVSS | 5.8 AI score | 0.00212 EPSS
Exploits 1 | References 1
Snyk
added 2026/05/05 8:13 p.m. | 6 views

Cross-site Scripting (XSS)

Overview: github.com/gofiber/fiber/v2 is an Express inspired web framework written in Go. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the AutoFormat process. An attacker can inject arbitrary HTML or JavaScript by supplying a crafted Accept: text/html header and...

6.1 CVSS | 6 AI score | 0.00212 EPSS
Exploits 1 | References 2
NVD
added 2026/05/05 1:16 p.m. | 7 views

CVE-2026-30246

Fiber is a web framework for Go. In github.com/gofiber/fiber/v3 versions through 3.1.0, the default key generator in the cache middleware uses only the request path and does not include the query string. As a result, requests for the same path with different query parameters can share a cache key...

6.5 CVSS | 0.00251 EPSS
Exploits 1 | References 3
EUVD
added 2026/05/05 12:40 p.m. | 5 views

EUVD-2026-27313

Fiber is a web framework for Go. In github.com/gofiber/fiber/v3 versions through 3.1.0, the default key generator in the cache middleware uses only the request path and does not include the query string. As a result, requests for the same path with different query parameters can share a cache key...

6.5 CVSS | 5.8 AI score | 0.00251 EPSS
Exploits 1 | References 3
Cvelist
added 2026/05/05 12:40 p.m. | 34 views

CVE-2026-30246 github.com/gofiber/fiber/v3 cache middleware can mix responses across query parameters

Fiber is a web framework for Go. In github.com/gofiber/fiber/v3 versions through 3.1.0, the default key generator in the cache middleware uses only the request path and does not include the query string. As a result, requests for the same path with different query parameters can share a cache key...

6.5 CVSS | 0.00251 EPSS
Exploits 1 | References 3
ATTACKERKB
added 2026/05/05 12:40 p.m. | 5 views

CVE-2026-30246

Fiber is a web framework for Go. In github.com/gofiber/fiber/v3 versions through 3.1.0, the default key generator in the cache middleware uses only the request path and does not include the query string. As a result, requests for the same path with different query parameters can share a cache key...

6.5 CVSS | 5.8 AI score | 0.00251 EPSS
Exploits 1 | References 4 | Affected Software 1
CNNVD
added 2026/05/05 12:0 a.m. | 5 views

Fiber Security Vulnerability

Fiber is an open-source web framework written in Go. Versions of Fiber 3.1.0 and earlier contain security vulnerabilities. These vulnerabilities stem from the default key generator used in the caching middleware, which only uses the request path without including the query string. As a result,...

6.5 CVSS | 5.8 AI score | 0.00251 EPSS
Exploits 1 | References 1
Snyk
added 2026/04/28 10:28 p.m. | 5 views

Use of Cache Containing Sensitive Information

Overview: Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information due to the default KeyGenerator process in the cache middleware not including query parameters when generating cache keys. An attacker can access or cause exposure of user-specific or...

6.9 CVSS | 5.8 AI score | 0.00251 EPSS
Exploits 1 | References 2
Snyk
added 2026/04/28 10:28 p.m. | 9 views

Use of Cache Containing Sensitive Information

Overview: Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information due to the default KeyGenerator process in the cache middleware not including query parameters when generating cache keys. An attacker can access or cause exposure of user-specific or...

6.9 CVSS | 5.8 AI score | 0.00251 EPSS
Exploits 1 | References 2
Circl
added 2026/04/25 1:8 p.m. | 6 views

CVE-2026-42554

creationtimestamp | type | source
---|---|---
2026-04-25 13:08:32+00:00 | published-proof-of-concept | https://github.com/gofiber/fiber/security/advisories/GHSA-qjv7-627w-8qjv...

6.1 CVSS | 5.8 AI score | 0.00212 EPSS
Exploits 1 | References 1
SUSE CVE
added 2026/03/05 6:55 a.m. | 1 views

SUSE CVE-2025-66630

Fiber is an Express inspired web framework written in Go. Before 2.52.11, on Go versions prior to 1.24, the underlying crypto/rand implementation can return an error if secure randomness cannot be obtained. Because no error is returned by the Fiber v2 UUID functions, application code may...

9.4 CVSS | 5.8 AI score | 0.00471 EPSS
Exploits 0 | References 3
SUSE CVE
added 2026/03/04 12:26 a.m. | 0 views

SUSE CVE-2026-25882

Fiber is an Express inspired web framework written in Go. A denial of service vulnerability exists in Fiber v2 and v3 that allows remote attackers to crash the application by sending requests to routes with more than 30 parameters. The vulnerability results from missing validation during route...

7.5 CVSS | 5.9 AI score | 0.00594 EPSS
Exploits 1 | References 3
CNVD
added 2026/03/04 12:0 a.m. | 4 views

Fiber Security Feature Issue Vulnerability

Fiber is an open source Web framework written in the Go language. Fiber suffers from a security signature issue vulnerability. The vulnerability stems from an error not returned by the UUID function and can be exploited by an attacker to use predictable or low entropy identifiers i...

9.4 CVSS | 6 AI score | 0.00471 EPSS
Exploits 0 | References 1
RedhatCVE
added 2026/02/25 10:17 p.m. | 3 views

CVE-2026-25891

Fiber is an Express inspired web framework written in Go. A Path Traversal (CWE-22) vulnerability in Fiber allows a remote attacker to bypass the static middleware sanitizer and read arbitrary files on the server file system on Windows. This affects Fiber v3 through version 3.0.0. This has been...

8.7 CVSS | 5.7 AI score | 0.00618 EPSS
Exploits 1 | References 1
NVD
added 2026/02/24 10:16 p.m. | 6 views

CVE-2026-25891

Fiber is an Express inspired web framework written in Go. A Path Traversal (CWE-22) vulnerability in Fiber allows a remote attacker to bypass the static middleware sanitizer and read arbitrary files on the server file system on Windows. This affects Fiber v3 through version 3.0.0. This has been...

8.7 CVSS | 0.00618 EPSS
Exploits 1 | References 3
NVD
added 2026/02/24 10:16 p.m. | 6 views

CVE-2026-25899

Fiber is an Express inspired web framework written in Go. In versions on the v3 branch prior to 3.1.0, the use of the fiberflash cookie can force an unbounded allocation on any server. A crafted 10-character cookie value triggers an attempt to allocate up to 85GB of memory via unvalidated msgpack...

7.5 CVSS | 0.00396 EPSS
Exploits 1 | References 2
NVD
added 2026/02/24 9:16 p.m. | 6 views

CVE-2026-25882

Fiber is an Express inspired web framework written in Go. A denial of service vulnerability exists in Fiber v2 and v3 that allows remote attackers to crash the application by sending requests to routes with more than 30 parameters. The vulnerability results from missing validation during route...

7.5 CVSS | 0.00594 EPSS
Exploits 1 | References 4