Cyber Posture

CVE-2026-25891

HighPublic PoC

Published: 24 February 2026

Published
24 February 2026
Modified
27 February 2026
KEV Added
Patch
CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score 0.0004 10.8th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-25891 is a high-severity Path Traversal (CWE-22) vulnerability in Gofiber Fiber. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 10.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190).
Threat & Defense Details

Likely Mitigating ControlsAI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

SI-10 Information Input Validation
addresses: CWE-22

Validates pathnames and filenames to prevent traversal outside intended directories.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
Why these techniques?

Path traversal in public-facing Fiber web framework static middleware directly enables remote unauthenticated file read on Windows servers, mapping to exploitation of internet-facing applications for initial access and sensitive data exposure.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Fiber is an Express inspired web framework written in Go. A Path Traversal (CWE-22) vulnerability in Fiber allows a remote attacker to bypass the static middleware sanitizer and read arbitrary files on the server file system on Windows. This affects…

more

Fiber v3 through version 3.0.0. This has been patched in Fiber v3 version 3.1.0.

Deeper analysisAI

CVE-2026-25891 is a Path Traversal vulnerability (CWE-22) in Fiber, an Express-inspired web framework written in Go. The flaw allows a remote attacker to bypass the static middleware sanitizer and access arbitrary files on the server file system, but it is limited to Windows environments. It affects Fiber versions from v3 through 3.0.0 and has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

A remote, unauthenticated attacker can exploit this vulnerability over the network with low complexity and no user interaction required. Successful exploitation enables the attacker to read sensitive files on the affected Windows server, potentially exposing configuration data, source code, or other confidential information without impacting integrity or availability.

The vulnerability has been patched in Fiber v3 version 3.1.0. Official advisories and references, including the GitHub security advisory (GHSA-m3c2-496v-cw3v), pull request 4064, and commit 59133702301c2ab7b776dd123b474cbd995f2c86, detail the fix and recommend upgrading to the patched version.

Details

CWE(s)
CWE-22

Affected Products

gofiber
fiber
3.0.0 — 3.1.0

CVEs Like This One

CVE-2026-25882Same product: Gofiber Fiber
CVE-2026-25899Same product: Gofiber Fiber
CVE-2025-66630Same product: Gofiber Fiber
CVE-2025-59384Shared CWE-22
CVE-2025-15031Shared CWE-22
CVE-2026-7213Shared CWE-22
CVE-2026-24479Shared CWE-22
CVE-2025-66744Shared CWE-22
CVE-2026-6057Shared CWE-22
CVE-2026-5436Shared CWE-22

References