Home/Product/gofiber fiber
Product

gofiber fiber

14 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-42554
< 2.52.12
Fiber is a web framework for Go. Prior to 2.52.12 and 3.1.0, Cross-Site Scripting vulnerability in Go Fiber allows a remote attack
6.1MEDIUM
 CVE-2026-30246
<= 3.1.0
Fiber is a web framework for Go. In github.com/gofiber/fiber/v3 versions through 3.1.0, the default key generator in the cache mid
6.5MEDIUM
 CVE-2026-25899
>= 3.0.0 and < 3.1.0
Fiber is an Express inspired web framework written in Go. In versions on the v3 branch prior to 3.1.0, the use of the `fiber_flash
7.5HIGH
 CVE-2026-25891
>= 3.0.0 and < 3.1.0
Fiber is an Express inspired web framework written in Go. A Path Traversal (CWE-22) vulnerability in Fiber allows a remote attacke
7.5HIGH
 CVE-2026-25882
>= 2.0.0 and < 2.52.12
Fiber is an Express inspired web framework written in Go. A denial of service vulnerability exists in Fiber v2 and v3 that allows
7.5HIGH
 CVE-2025-66630
< 2.52.11
Fiber is an Express inspired web framework written in Go. Before 2.52.11, on Go versions prior to 1.24, the underlying crypto/rand
9.4CRITICAL
 CVE-2025-54801
< 2.52.9
Fiber is an Express inspired web framework written in Go. In versions 2.52.8 and below, when using Fiber's Ctx.BodyParser to parse
7.5HIGH
 CVE-2025-48075
>= 2.0.0 and < 2.52.7
Fiber is an Express-inspired web framework written in Go. Starting in version 2.52.6 and prior to version 2.52.7, `fiber.Ctx.BodyP
7.5HIGH
 CVE-2024-38513
< 2.52.5
Fiber is an Express-inspired web framework written in Go A vulnerability present in versions prior to 2.52.5 is a session middlewa
10.0CRITICAL
 CVE-2024-25124
< 2.52.1
Fiber is a web framework written in go. Prior to version 2.52.1, the CORS middleware allows for insecure configurations that could
9.4CRITICAL
 CVE-2023-45141
< 2.50.0
Fiber is an express inspired web framework written in Go. A Cross-Site Request Forgery (CSRF) vulnerability has been identified in
8.6HIGH
 CVE-2023-45128
< 2.50.0
Fiber is an express inspired web framework written in Go. A Cross-Site Request Forgery (CSRF) vulnerability has been identified in
10.0CRITICAL
 CVE-2023-41338
< 2.49.2
Fiber is an Express inspired web framework built in the go language. Versions of gofiber prior to 2.49.2 did not properly restrict
5.3MEDIUM
 CVE-2020-15111
< 1.12.6
In Fiber before version 1.12.6, the filename that is given in c.Attachment() (https://docs.gofiber.io/ctx#attachment) is not escap
4.2MEDIUM
SOC and Response
CVE triage
Stack monitoring
Am I affected
IOC triage
KEV catalog
Recently exploited
Daily brief
Change tracking
Detection Engineering
Coverage workspace
Detection coverage
Coverage check
Telemetry ceiling
SIEM query builder
Sigma rules
SIEM rules
YARA rules
Network rules
D3FEND
Threat Hunting
Threat actors
ATT&CK techniques
Attack paths
Indicators
Atomic tests
Red Team and Pentest
Exploitability triage
Recon pack
Attack paths
CAPEC patterns
Adversary emulation
Compliance and GRC
Framework mapping
Control assessment
Audit view
Atlas Search Threat actors Techniques Tools & malware CWE CAPEC KEV catalog Package vulns
About All capabilities Pricing API docs Live status Privacy policy Terms of service
threatengine.sh