Stats Digest Feeds
โ† Back to all CVEs

CVE-2026-45045

MEDIUM NVD
CVSS Score 5.3
Severity MEDIUM
Published Jul 08, 2026
Vendor unknown

Description

Fiber is an Express inspired web framework written in Go. Prior to 3.3.0 and 2.52.14, the BalancerForward proxy helper in middleware/proxy/proxy.go uses Header.Add() instead of Header.Set() when injecting X-Real-IP, allowing an attacker-supplied first X-Real-IP value to be forwarded to upstream servers for logging, rate limiting, and access control. This issue is fixed in version 3.3.0 and 2.52.14.

References