CVE-2026-25891

High CVSS: 7.7

Fiber is an Express inspired web framework written in Go. A Path Traversal (CWE-22) vulnerability in Fiber allows a remote attacker to bypass the static middleware sanitizer and read arbitrary files on the server file system on Windows. This affects Fiber v3 through version 3.0.0. This has been patched in Fiber v3 version 3.1.0.

Vendor

Gofiber

Product

Fiber

CWE

CWE-22

Yayın Tarihi

2026-02-24 22:16:31

Güncelleme

2026-02-27 03:18:58

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-22 Fiber HIGH Gofiber 2026

Referanslar

https://github.com/gofiber/fiber/commit/59133702301c2ab7b776dd123b474cbd995f2c86 https://github.com/gofiber/fiber/pull/4064 https://github.com/gofiber/fiber/security/advisories/GHSA-m3c2-496v-cw3v

Benzer Kayıtlar

High

CVE-2026-25899

Fiber is an Express inspired web framework written in Go. In versions on the v3 branch prior to 3.1.0, the use of the `f…

Medium

CVE-2026-25882

Fiber is an Express inspired web framework written in Go. A denial of service vulnerability exists in Fiber v2 and v3 th…

Critical

CVE-2025-66630

Fiber is an Express inspired web framework written in Go. Before 2.52.11, on Go versions prior to 1.24, the underlying c…

Critical

CVE-2025-66565

Fiber Utils is a collection of common functions created for Fiber. In versions 2.0.0-rc.3 and below, when the system's c…

High

CVE-2025-54801

Fiber is an Express inspired web framework written in Go. In versions 2.52.8 and below, when using Fiber's Ctx.BodyParse…

High

CVE-2025-48075

Fiber is an Express-inspired web framework written in Go. Starting in version 2.52.6 and prior to version 2.52.7, `fiber…