Vulnerability in Gofiber Fiber

CVE-2026-25882

Fiber is an Express inspired web framework written in Go. A denial of service vulnerability exists in Fiber v2 and v3 that allows remote attackers to crash the application by sending requests to routes with more than 30 parameters. The vul…

EPSS: 0.001 (24.1th percentile) — read the EPSS interpretation.

Affected products

Gofiber Fiber — versions >= 2.0.0, < 2.52.12, >= 3.0.0, < 3.1.0

Weakness classification (CWE)

CWE-129 — Improper Validation of Array Index

References

https://github.com/gofiber/fiber/security/advisories/GHSA-mrq8-rjmw-wpq3 (x_refsource_CONFIRM)
https://github.com/gofiber/fiber/pull/3962 (x_refsource_MISC)
https://github.com/gofiber/fiber/blob/main/path.go#L514 (x_refsource_MISC)
https://github.com/gofiber/fiber/blob/v2/path.go#L516 (x_refsource_MISC)