Back to search
CVE-2026-25891
Published: Feb 24, 2026
Modified: Feb 24, 2026
PUBLISHED
Description
Fiber is an Express inspired web framework written in Go. A Path Traversal (CWE-22) vulnerability in Fiber allows a remote attacker to bypass the static middleware sanitizer and read arbitrary files on the server file system on Windows. This affects Fiber v3 through version 3.0.0. This has been patched in Fiber v3 version 3.1.0.
| Vendor | Product | Versions |
|---|---|---|
gofiber | fiber | affected >= 3.0.0, < 3.1.0 |
Weaknesses (CWE)
References
https://github.com/gofiber/fiber/security/advisories/GHSA-m3c2-496v-cw3v
x_refsource_CONFIRM
https://github.com/gofiber/fiber/pull/4064
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now