Vulnerability Details CVE-2026-45045
Fiber is an Express inspired web framework written in Go. Prior to 3.3.0 and 2.52.14, the BalancerForward proxy helper in middleware/proxy/proxy.go uses Header.Add() instead of Header.Set() when injecting X-Real-IP, allowing an attacker-supplied first X-Real-IP value to be forwarded to upstream servers for logging, rate limiting, and access control. This issue is fixed in version 3.3.0 and 2.52.14.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 36.7%
CVSS Severity
CVSS v3 Score 5.3
Products affected by CVE-2026-45045
-
cpe:2.3:a:gofiber:fiber:-
-
cpe:2.3:a:gofiber:fiber:1.14.1
-
cpe:2.3:a:gofiber:fiber:1.14.2
-
cpe:2.3:a:gofiber:fiber:1.14.3
-
cpe:2.3:a:gofiber:fiber:1.14.4
-
cpe:2.3:a:gofiber:fiber:1.14.5
-
cpe:2.3:a:gofiber:fiber:1.14.6
-
cpe:2.3:a:gofiber:fiber:2.0.0
-
cpe:2.3:a:gofiber:fiber:2.0.1
-
cpe:2.3:a:gofiber:fiber:2.0.2
-
cpe:2.3:a:gofiber:fiber:2.0.3
-
cpe:2.3:a:gofiber:fiber:2.0.4
-
cpe:2.3:a:gofiber:fiber:2.0.5
-
cpe:2.3:a:gofiber:fiber:2.0.6
-
cpe:2.3:a:gofiber:fiber:2.1.0
-
cpe:2.3:a:gofiber:fiber:2.1.1
-
cpe:2.3:a:gofiber:fiber:2.1.2
-
cpe:2.3:a:gofiber:fiber:2.1.3
-
cpe:2.3:a:gofiber:fiber:2.1.4
-
cpe:2.3:a:gofiber:fiber:2.10.0
-
cpe:2.3:a:gofiber:fiber:2.11.0
-
cpe:2.3:a:gofiber:fiber:2.12.0
-
cpe:2.3:a:gofiber:fiber:2.13.0
-
cpe:2.3:a:gofiber:fiber:2.14.0
-
cpe:2.3:a:gofiber:fiber:2.15.0
-
cpe:2.3:a:gofiber:fiber:2.16.0
-
cpe:2.3:a:gofiber:fiber:2.17.0
-
cpe:2.3:a:gofiber:fiber:2.18.0
-
cpe:2.3:a:gofiber:fiber:2.19.0
-
cpe:2.3:a:gofiber:fiber:2.2.0
-
cpe:2.3:a:gofiber:fiber:2.2.1
-
cpe:2.3:a:gofiber:fiber:2.2.2
-
cpe:2.3:a:gofiber:fiber:2.2.3
-
cpe:2.3:a:gofiber:fiber:2.2.4
-
cpe:2.3:a:gofiber:fiber:2.2.5
-
cpe:2.3:a:gofiber:fiber:2.20.0
-
cpe:2.3:a:gofiber:fiber:2.20.1
-
cpe:2.3:a:gofiber:fiber:2.20.2
-
cpe:2.3:a:gofiber:fiber:2.21.0
-
cpe:2.3:a:gofiber:fiber:2.22.0
-
cpe:2.3:a:gofiber:fiber:2.23.0
-
cpe:2.3:a:gofiber:fiber:2.24.0
-
cpe:2.3:a:gofiber:fiber:2.25.0
-
cpe:2.3:a:gofiber:fiber:2.26.0
-
cpe:2.3:a:gofiber:fiber:2.27.0
-
cpe:2.3:a:gofiber:fiber:2.28.0
-
cpe:2.3:a:gofiber:fiber:2.29.0
-
cpe:2.3:a:gofiber:fiber:2.3.0
-
cpe:2.3:a:gofiber:fiber:2.3.1
-
cpe:2.3:a:gofiber:fiber:2.3.2
-
cpe:2.3:a:gofiber:fiber:2.3.3
-
cpe:2.3:a:gofiber:fiber:2.30.0
-
cpe:2.3:a:gofiber:fiber:2.31.0
-
cpe:2.3:a:gofiber:fiber:2.32.0
-
cpe:2.3:a:gofiber:fiber:2.33.0
-
cpe:2.3:a:gofiber:fiber:2.34.0
-
cpe:2.3:a:gofiber:fiber:2.34.1
-
cpe:2.3:a:gofiber:fiber:2.35.0
-
cpe:2.3:a:gofiber:fiber:2.36.0
-
cpe:2.3:a:gofiber:fiber:2.37.0
-
cpe:2.3:a:gofiber:fiber:2.37.1
-
cpe:2.3:a:gofiber:fiber:2.38.0
-
cpe:2.3:a:gofiber:fiber:2.38.1
-
cpe:2.3:a:gofiber:fiber:2.39.0
-
cpe:2.3:a:gofiber:fiber:2.4.0
-
cpe:2.3:a:gofiber:fiber:2.4.1
-
cpe:2.3:a:gofiber:fiber:2.40.0
-
cpe:2.3:a:gofiber:fiber:2.40.1
-
cpe:2.3:a:gofiber:fiber:2.41.0
-
cpe:2.3:a:gofiber:fiber:2.42.0
-
cpe:2.3:a:gofiber:fiber:2.43.0
-
cpe:2.3:a:gofiber:fiber:2.44.0
-
cpe:2.3:a:gofiber:fiber:2.45.0
-
cpe:2.3:a:gofiber:fiber:2.46.0
-
cpe:2.3:a:gofiber:fiber:2.47.0
-
cpe:2.3:a:gofiber:fiber:2.48.0
-
cpe:2.3:a:gofiber:fiber:2.49.0
-
cpe:2.3:a:gofiber:fiber:2.49.1
-
cpe:2.3:a:gofiber:fiber:2.49.2
-
cpe:2.3:a:gofiber:fiber:2.5.0
-
cpe:2.3:a:gofiber:fiber:2.50.0
-
cpe:2.3:a:gofiber:fiber:2.51.0
-
cpe:2.3:a:gofiber:fiber:2.52.0
-
cpe:2.3:a:gofiber:fiber:2.52.1
-
cpe:2.3:a:gofiber:fiber:2.52.10
-
cpe:2.3:a:gofiber:fiber:2.52.11
-
cpe:2.3:a:gofiber:fiber:2.52.12
-
cpe:2.3:a:gofiber:fiber:2.52.13
-
cpe:2.3:a:gofiber:fiber:2.52.2
-
cpe:2.3:a:gofiber:fiber:2.52.3
-
cpe:2.3:a:gofiber:fiber:2.52.4
-
cpe:2.3:a:gofiber:fiber:2.52.5
-
cpe:2.3:a:gofiber:fiber:2.52.6
-
cpe:2.3:a:gofiber:fiber:2.52.7
-
cpe:2.3:a:gofiber:fiber:2.52.8
-
cpe:2.3:a:gofiber:fiber:2.52.9
-
cpe:2.3:a:gofiber:fiber:2.6.0
-
cpe:2.3:a:gofiber:fiber:2.7.0
-
cpe:2.3:a:gofiber:fiber:2.7.1
-
cpe:2.3:a:gofiber:fiber:2.8.0
-
cpe:2.3:a:gofiber:fiber:2.9.0