4 matches found

OSV
added 2026/02/26 4:27 p.m. · 3 views

GO-2026-4534 Fiber is Vulnerable to Denial of Service via Flash Cookie Unbounded Allocation in github.com/gofiber/fiber/v3

CVSS 7.5 · AI score 5.4 · EPSS 0.00132
Exploits: 1 · References: 2
Cvelist
added 2026/02/24 9:11 p.m. · 17 views

CVE-2026-25899 Fiber is Vulnerable to Denial of Service via Flash Cookie Unbounded Allocation

Fiber is an Express inspired web framework written in Go. In versions on the v3 branch prior to 3.1.0, the use of the fiberflash cookie can force an unbounded allocation on any server. A crafted 10-character cookie value triggers an attempt to allocate up to 85GB of memory via unvalidated msgpack...

CVSS 7.5 · EPSS 0.00132
Exploits: 1 · References: 2
OSV
added 2026/02/24 8:51 p.m. · 7 views

GHSA-M3C2-496V-CW3V Fiber has an Arbitrary File Read in Static Middleware on Windows

Summary Description A Path Traversal CWE-22 vulnerability in Fiber allows a remote attacker to bypass the static middleware sanitizer and read arbitrary files on the server file system on Windows. This affects Fiber v3 through version 3.0.0. This has been patched in Fiber v3 version 3.1.0. Detail...

CVSS 8.7 · AI score 7.2 · EPSS 0.00036
Exploits: 1 · References: 6
Positive Technologies
added 2025/05/22 12:0 a.m. · 2 views

PT-2025-22526 · Fiber · Fiber

Name of the Vulnerable Software and Affected Versions: Fiber versions 2.52.6 through 2.52.6 Description: The issue affects the fiber.Ctx.BodyParser functionality, which can map flat data to nested slices using keyidxvalue syntax. However, when idx is negative, it causes a panic instead of returni...

CVSS 8.7 · AI score 6.1 · EPSS 0.00472
Exploits: 1 · References: 10