Description

Fiber is an Express inspired web framework written in Go. A denial of service vulnerability exists in Fiber v2 and v3 that allows remote attackers to crash the application by sending requests to routes with more than 30 parameters. The vulnerability results from missing validation during route registration combined with an unbounded array write during request matching. Version 2.52.12 patches the issue in the v2 branch and 3.1.0 patches the issue in the v3 branch.

INFO

Published Date :

2026-02-24T21:05:28.211Z

Last Modified :

2026-02-24T21:39:51.170Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-25882 vulnerability.

Vendors Products
Gofiber
  • Fiber
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-25882.

URL Resource
https://github.com/gofiber/fiber/blob/main/path.go#L514 cve-icon cve-icon
https://github.com/gofiber/fiber/blob/v2/path.go#L516 cve-icon cve-icon
https://github.com/gofiber/fiber/pull/3962 cve-icon cve-icon
https://github.com/gofiber/fiber/security/advisories/GHSA-mrq8-rjmw-wpq3 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact