CVE-2026-45045 - Fiber: X-Real-IP Spoofing via Header.Add() in BalancerForward

CVE ID :CVE-2026-45045
Published : July 8, 2026, 7:26 p.m. | 20 minutes ago
Description :Fiber is an Express inspired web framework written in Go. Prior to 3.3.0 and 2.52.14, the BalancerForward proxy helper in middleware/proxy/proxy.go uses Header.Add() instead of Header.Set() when injecting X-Real-IP, allowing an attacker-supplied first X-Real-IP value to be forwarded to upstream servers for logging, rate limiting, and access control. This issue is fixed in version 3.3.0 and 2.52.14.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

from Latest Vulnerabilities https://ift.tt/wtEJnqo
via IFTTT

Maloy Roy Orko

I am Maloy Roy Orko. An aspiring security researcher. Learning New Fields and Strategies Since 2019. 💻

Post a Comment

Please Select Embedded Mode To Show The Comment System.*

Previous Post Next Post