| id: GO-2026-4471 |
| modules: |
| - module: github.com/gofiber/fiber |
| vulnerable_at: 1.14.6 |
| - module: github.com/gofiber/fiber/v2 |
| versions: |
| - fixed: 2.52.11 |
| vulnerable_at: 2.52.10 |
| packages: |
| - package: github.com/gofiber/fiber/v2/utils |
| symbols: |
| - UUID |
| - UUIDv4 |
| summary: |- |
| Fiber has an insecure fallback in utils.UUIDv4() / utils.UUID() on |
| crypto/rand failure in github.com/gofiber/fiber |
| description: |- |
| Fiber has an insecure fallback in utils.UUIDv4() / utils.UUID() — predictable |
| / zero‑UUID on crypto/rand failure in github.com/gofiber/fiber |
| cves: |
| - CVE-2025-66630 |
| ghsas: |
| - GHSA-68rr-p4fp-j59v |
| references: |
| - advisory: https://github.com/gofiber/fiber/security/advisories/GHSA-68rr-p4fp-j59v |
| - fix: https://github.com/gofiber/fiber/commit/eb874b6f6c5896b968d9b0ab2b56ac7052cb0ee1 |
| - web: https://github.com/gofiber/fiber/releases/tag/v2.52.11 |
| notes: |
| - create: failed to auto-populate symbols |
| - lint: 'modules[0] "github.com/gofiber/fiber": versions: no latest fixed version (required for NEEDS_REVIEW report)' |
| source: |
| id: GHSA-68rr-p4fp-j59v |
| created: 2026-02-12T14:12:53.717114-05:00 |
| review_status: REVIEWED |
