
64 matches found

CVE
added 2026/02/24 9:11 p.m. | 19 views

CVE-2026-25899

CVE-2026-25899 affects GoFiber (Fiber) v3 branch prior to 3.1.0. The issue arises from the use of the fiber_flash cookie, which can trigger unbounded memory allocation (up to ~85 GB) via unvalidated MsgPack deserialization. A crafted 10-character cookie causes the allocation, with no authenticati...

CVSS 7.5 | AI score 5.3 | EPSS 0.00396
Exploits 1 | References 2 | Affected Software 1
OSV
added 2026/02/24 9:11 p.m. | 4 views

CVE-2026-25899 Fiber is Vulnerable to Denial of Service via Flash Cookie Unbounded Allocation

Fiber is an Express inspired web framework written in Go. In versions on the v3 branch prior to 3.1.0, the use of the fiber_flash cookie can force an unbounded allocation on any server. A crafted 10-character cookie value triggers an attempt to allocate up to 85GB of memory via unvalidated msgpack...

CVSS 7.5 | AI score 5.5 | EPSS 0.00396
Exploits 1 | References 4
CVE
added 2026/02/24 9:8 p.m. | 14 views

CVE-2026-25891

This CVE affects the Go web framework Fiber (v3 up to 3.0.0) and allows a remote attacker to perform a path traversal to bypass the static middleware sanitizer and read arbitrary files on Windows. Root cause: improper validation in static middleware enabling directory traversal (CWE-22). Impact: ...

CVSS 8.7 | AI score 5.7 | EPSS 0.00618
Exploits 1 | References 3 | Affected Software 1
ATTACKERKB
added 2026/02/24 9:8 p.m. | 3 views

CVE-2026-25891

Fiber is an Express inspired web framework written in Go. A Path Traversal (CWE-22) vulnerability in Fiber allows a remote attacker to bypass the static middleware sanitizer and read arbitrary files on the server file system on Windows. This affects Fiber v3 through version 3.0.0. This has been...

CVSS 8.7 | AI score 5.9 | EPSS 0.00618
Exploits 1 | References 4 | Affected Software 1
Vulnrichment
added 2026/02/24 9:8 p.m. | 4 views

CVE-2026-25891 Fiber has an Arbitrary File Read in Static Middleware on Windows

Fiber is an Express inspired web framework written in Go. A Path Traversal (CWE-22) vulnerability in Fiber allows a remote attacker to bypass the static middleware sanitizer and read arbitrary files on the server file system on Windows. This affects Fiber v3 through version 3.0.0. This has been...

CVSS 8.7 | AI score 5.7 | EPSS 0.00618
Exploits 1 | References 3
Cvelist
added 2026/02/24 9:8 p.m. | 23 views

CVE-2026-25891 Fiber has an Arbitrary File Read in Static Middleware on Windows

Fiber is an Express inspired web framework written in Go. A Path Traversal (CWE-22) vulnerability in Fiber allows a remote attacker to bypass the static middleware sanitizer and read arbitrary files on the server file system on Windows. This affects Fiber v3 through version 3.0.0. This has been...

CVSS 8.7 | EPSS 0.00618
Exploits 1 | References 3
OSV
added 2026/02/24 9:8 p.m. | 6 views

CVE-2026-25891 Fiber has an Arbitrary File Read in Static Middleware on Windows

Fiber is an Express inspired web framework written in Go. A Path Traversal (CWE-22) vulnerability in Fiber allows a remote attacker to bypass the static middleware sanitizer and read arbitrary files on the server file system on Windows. This affects Fiber v3 through version 3.0.0. This has been...

CVSS 8.7 | AI score 5.8 | EPSS 0.00618
Exploits 1 | References 5
CVE
added 2026/02/24 9:5 p.m. | 12 views

CVE-2026-25882

Fiber (Go) has a Denial of Service vulnerability (CVE-2026-25882) affecting v2 and v3: routing mismatch with more than 30 parameters can crash the app due to missing validation during route registration and an unbounded array write during request matching. Affected versions are v2 prior to 2.52.1...

CVSS 7.5 | AI score 5.6 | EPSS 0.00594
Exploits 1 | References 4 | Affected Software 1
Vulnrichment
added 2026/02/24 9:5 p.m. | 6 views

CVE-2026-25882 Fiber has a Denial of Service Vulnerability via Route Parameter Overflow

Fiber is an Express inspired web framework written in Go. A denial of service vulnerability exists in Fiber v2 and v3 that allows remote attackers to crash the application by sending requests to routes with more than 30 parameters. The vulnerability results from missing validation during route...

CVSS 6.9 | AI score 5.6 | EPSS 0.00594
Exploits 1 | References 4
ATTACKERKB
added 2026/02/24 9:5 p.m. | 1 views

CVE-2026-25882

Fiber is an Express inspired web framework written in Go. A denial of service vulnerability exists in Fiber v2 and v3 that allows remote attackers to crash the application by sending requests to routes with more than 30 parameters. The vulnerability results from missing validation during route...

CVSS 7.5 | AI score 5.9 | EPSS 0.00594
Exploits 1 | References 5 | Affected Software 1
Cvelist
added 2026/02/24 9:5 p.m. | 22 views

CVE-2026-25882 Fiber has a Denial of Service Vulnerability via Route Parameter Overflow

Fiber is an Express inspired web framework written in Go. A denial of service vulnerability exists in Fiber v2 and v3 that allows remote attackers to crash the application by sending requests to routes with more than 30 parameters. The vulnerability results from missing validation during route...

CVSS 6.9 | EPSS 0.00594
Exploits 1 | References 4
CNNVD
added 2026/02/24 12:0 a.m. | 6 views

Fiber Path Traversal Vulnerability

Fiber is an open-source web framework written in Go. Versions of Fiber v3 and earlier have a path traversal vulnerability. This vulnerability arises from the possibility of bypassing the static middleware cleaner, which may lead to the reading of arbitrary files on the Windows server file system...

CVSS 8.7 | AI score 7.4 | EPSS 0.00618
Exploits 1 | References 3
CNNVD
added 2026/02/24 12:0 a.m. | 6 views

Fiber Security Vulnerability

Fiber is an open-source web framework written in Go. Versions of Fiber prior to 2.52.12 and 3.1.0 contain security vulnerabilities. These vulnerabilities stem from lack of validation during route registration and unbounded array writes during request matching, which may lead to application crashe...

CVSS 7.5 | AI score 5.8 | EPSS 0.00594
Exploits 1 | References 4
CNNVD
added 2026/02/24 12:0 a.m. | 5 views

Fiber Security Vulnerability

Fiber is an open-source web framework written in Go. Versions of Fiber prior to 3.1.0 have a security vulnerability. This vulnerability stems from the fiber_flash cookie, which can trigger excessive memory allocation through unvalidated msgpack deserialization, potentially leading to...

CVSS 7.5 | AI score 5.8 | EPSS 0.00396
Exploits 1 | References 2
Positive Technologies
added 2026/02/24 12:0 a.m. | 6 views

PT-2026-21803

Name of the Vulnerable Software and Affected Versions: Fiber versions prior to 3.1.0. Description: The use of the fiber flash cookie can lead to an unbounded allocation on any server. A specially crafted 10-character cookie value triggers an attempt to allocate up to 85GB of memory through unvalidat...

CVSS 9.9 | AI score 5.3 | EPSS 0.27661
Exploits 44 | References 124
Positive Technologies
added 2026/02/24 12:0 a.m. | 9 views

PT-2026-21802

Name of the Vulnerable Software and Affected Versions: Fiber versions 3.0.0 and earlier; Fiber versions 3.0.0 through 3.0.0. Description: A Path Traversal flaw exists in Fiber, potentially allowing a remote attacker to bypass the static middleware sanitizer and read arbitrary files on the server file...

CVSS 9.9 | AI score 5.6 | EPSS 0.27661
Exploits 44 | References 125
RedhatCVE
added 2026/02/11 5:57 a.m. | 5 views

CVE-2025-66630

A flaw was found in the Fiber web framework github.com/gofiber/fiber/v2. On Go versions prior to 1.24, the framework's Universally Unique Identifier (UUID) generation functions do not return an error when the underlying cryptographic randomness source fails. This can cause applications to use...

CVSS 9.4 | AI score 5.1 | EPSS 0.00471
Exploits 0 | References 6
NVD
added 2026/02/09 6:16 p.m. | 10 views

CVE-2025-66630

Fiber is an Express inspired web framework written in Go. Before 2.52.11, on Go versions prior to 1.24, the underlying crypto/rand implementation can return an error if secure randomness cannot be obtained. Because no error is returned by the Fiber v2 UUID functions, application code may...

CVSS 9.4 | EPSS 0.00471
Exploits 0 | References 3
Cvelist
added 2026/02/09 6:4 p.m. | 26 views

CVE-2025-66630 Fiber insecurely falls back in utils.UUIDv4() / utils.UUID() — predictable / zero‑UUID on crypto/rand failure

Fiber is an Express inspired web framework written in Go. Before 2.52.11, on Go versions prior to 1.24, the underlying crypto/rand implementation can return an error if secure randomness cannot be obtained. Because no error is returned by the Fiber v2 UUID functions, application code may...

CVSS 9.2 | EPSS 0.00471
Exploits 0 | References 3
OSV
added 2026/02/09 6:4 p.m. | 5 views

CVE-2025-66630 Fiber insecurely falls back in utils.UUIDv4() / utils.UUID() — predictable / zero‑UUID on crypto/rand failure

Fiber is an Express inspired web framework written in Go. Before 2.52.11, on Go versions prior to 1.24, the underlying crypto/rand implementation can return an error if secure randomness cannot be obtained. Because no error is returned by the Fiber v2 UUID functions, application code may...

CVSS 9.2 | AI score 5.6 | EPSS 0.00471
Exploits 0 | References 5