Is Fiber affected by CVE-2026-25882?

A denial of service vulnerability in Fiber web framework (v2 and v3) allows attackers to crash affected applications by sending specially crafted requests, potentially disrupting service availability.

CVE-2026-25882

HIGH

2026-02-24 [email protected]

GHSA-mrq8-rjmw-wpq3

7.5

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

PoC Detected

Feb 27, 2026 - 03:18 vuln.today

Public exploit code

Patch Released

Feb 27, 2026 - 03:18 nvd

Patch available

CVE Published

Feb 24, 2026 - 21:16 nvd

HIGH 7.5

Description

Fiber is an Express inspired web framework written in Go. A denial of service vulnerability exists in Fiber v2 and v3 that allows remote attackers to crash the application by sending requests to routes with more than 30 parameters. The vulnerability results from missing validation during route registration combined with an unbounded array write during request matching. Version 2.52.12 patches the issue in the v2 branch and 3.1.0 patches the issue in the v3 branch.

Analysis

Fiber web framework versions 2 and 3 are vulnerable to denial of service attacks when processing requests to routes containing more than 30 parameters, enabling remote attackers to crash affected applications without authentication. The vulnerability stems from insufficient validation during route registration and unbounded array writes in request matching logic. …

Remediation

Within 24 hours: Inventory all applications running Fiber v2 or v3 and assess exposure to untrusted internet traffic. Within 7 days: Apply the available vendor patch to all affected Fiber instances and thoroughly test in staging environments before production deployment. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +38

POC: +20

Vendor Status

CVE-2026-25882 vulnerability details – vuln.today

Back

CVE-2026-25882

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Vendor Status

Share

CVE-2026-25882

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Vendor Status

Share

External POC / Exploit Code