Vulnerability DatabaseCVE-2025-66630

CVE-2025-66630:
Wolfi vulnerability analysis and mitigation

Fiber is an Express inspired web framework written in Go. Before 2.52.11, on Go versions prior to 1.24, the underlying crypto/rand implementation can return an error if secure randomness cannot be obtained. Because no error is returned by the Fiber v2 UUID functions, application code may unknowingly rely on predictable, repeated, or low-entropy identifiers in security-critical pathways. This is especially impactful because many Fiber v2 middleware components (session middleware, CSRF, rate limiting, request-ID generation, etc.) default to using utils.UUIDv4(). This vulnerability is fixed in 2.52.11.

Source: NVD

View vulnerable instances

Not a customer? See how Wiz maps CVEs like this one to real cloud attack paths.

Watch 12-min demo

9.2

Score

Published February 9, 2026

Severity CRITICAL

CNA Score 9.2

Affected Technologies

Wolfi
Chainguard

Has Public Exploit No

Has CISA KEV Exploit No

CISA KEV Release Date N/A

CISA KEV Due Date N/A

Exploitation Probability Percentile (EPSS) 5

Exploitation Probability (EPSS) N/A

Affected packages and libraries

github.com/gofiber/fiber/v2
github.com/gofiber/fiber

Sources

NVD
Chainguard
- Chainguard Has FixAdded at: Feb 11, 2026
GitHub Advisory Database
- GoLang Severity CRITICALHas FixAdded at: Feb 10, 2026
Wolfi
- Wolfi Has FixAdded at: Feb 12, 2026

Get a CVE risk assessment

Get a prioritized view of CVEs in your cloud—so you can focus on what's exploitable, not just what's listed.

Request assessment

Related Wolfi vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2026-40175	CRITICAL	10	JavaScript	grafana-prometheus	No	Yes	Apr 10, 2026
CVE-2026-32316	HIGH	8.2	Wolfi	jq-devel	No	No	Apr 13, 2026
CVE-2026-40227	MEDIUM	5.5	NixOS	systemd	No	Yes	Apr 10, 2026
CVE-2026-40179	MEDIUM	5.3	MinIO	certificate-transparency-fips	No	Yes	Apr 15, 2026
CVE-2026-40228	LOW	2.9	Wolfi	systemd	No	Yes	Apr 10, 2026