CVE-2026-25891 — HIGH (7.5)

Q: How severe is CVE-2026-25891?

CVE-2026-25891 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2026-25891?

Check the references section above for vendor advisories and patch information. Affected products include: Gofiber Fiber.

Vulnerability Description

Fiber is an Express inspired web framework written in Go. A Path Traversal (CWE-22) vulnerability in Fiber allows a remote attacker to bypass the static middleware sanitizer and read arbitrary files on the server file system on Windows. This affects Fiber v3 through version 3.0.0. This has been patched in Fiber v3 version 3.1.0.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Gofiber	Fiber	>= 3.0.0, < 3.1.0

Related Weaknesses (CWE)

CWE-22

References

https://github.com/gofiber/fiber/commit/59133702301c2ab7b776dd123b474cbd995f2c86Patch
https://github.com/gofiber/fiber/pull/4064ExploitIssue Tracking
https://github.com/gofiber/fiber/security/advisories/GHSA-m3c2-496v-cw3vExploitVendor Advisory

FAQ

What is CVE-2026-25891?

CVE-2026-25891 is a vulnerability with a CVSS score of 7.5 (HIGH). Fiber is an Express inspired web framework written in Go. A Path Traversal (CWE-22) vulnerability in Fiber allows a remote attacker to bypass the static middleware sanitizer and read arbitrary files o...

How severe is CVE-2026-25891?

CVE-2026-25891 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-25891?

Check the references section above for vendor advisories and patch information. Affected products include: Gofiber Fiber.