CVE-2026-30246

Name of the Vulnerable Software and Affected Versions github.com/gofiber/fiber/v3 versions prior to 3.1.0

Description The default key generator in the cache middleware uses only the request path via the c.Path() function and excludes the query string. Consequently, requests targeting the same path but containing different query parameters map to the same cache key. This leads to response mix-ups where a user may receive a cached response intended for a different request, potentially leaking or corrupting user or tenant-specific content for endpoints where the response depends on query parameters.

Recommendations Update to version 3.1.0 or later.