Vulnerability Details CVE-2026-53624
Fiber is an Express inspired web framework written in Go. Prior to 3.4.0, the helmet middleware in middleware/helmet/helmet.go never sets the Strict-Transport-Security response header even when HSTSMaxAge is configured because it checks c.Protocol() for https instead of c.Scheme(). This issue is fixed in version 3.4.0.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 10.8%
CVSS Severity
CVSS v3 Score 4.8
Products affected by CVE-2026-53624
-
cpe:2.3:a:gofiber:fiber:-
-
cpe:2.3:a:gofiber:fiber:1.14.1
-
cpe:2.3:a:gofiber:fiber:1.14.2
-
cpe:2.3:a:gofiber:fiber:1.14.3
-
cpe:2.3:a:gofiber:fiber:1.14.4
-
cpe:2.3:a:gofiber:fiber:1.14.5
-
cpe:2.3:a:gofiber:fiber:1.14.6
-
cpe:2.3:a:gofiber:fiber:2.0.0
-
cpe:2.3:a:gofiber:fiber:2.0.1
-
cpe:2.3:a:gofiber:fiber:2.0.2
-
cpe:2.3:a:gofiber:fiber:2.0.3
-
cpe:2.3:a:gofiber:fiber:2.0.4
-
cpe:2.3:a:gofiber:fiber:2.0.5
-
cpe:2.3:a:gofiber:fiber:2.0.6
-
cpe:2.3:a:gofiber:fiber:2.1.0
-
cpe:2.3:a:gofiber:fiber:2.1.1
-
cpe:2.3:a:gofiber:fiber:2.1.2
-
cpe:2.3:a:gofiber:fiber:2.1.3
-
cpe:2.3:a:gofiber:fiber:2.1.4
-
cpe:2.3:a:gofiber:fiber:2.10.0
-
cpe:2.3:a:gofiber:fiber:2.11.0
-
cpe:2.3:a:gofiber:fiber:2.12.0
-
cpe:2.3:a:gofiber:fiber:2.13.0
-
cpe:2.3:a:gofiber:fiber:2.14.0
-
cpe:2.3:a:gofiber:fiber:2.15.0
-
cpe:2.3:a:gofiber:fiber:2.16.0
-
cpe:2.3:a:gofiber:fiber:2.17.0
-
cpe:2.3:a:gofiber:fiber:2.18.0
-
cpe:2.3:a:gofiber:fiber:2.19.0
-
cpe:2.3:a:gofiber:fiber:2.2.0
-
cpe:2.3:a:gofiber:fiber:2.2.1
-
cpe:2.3:a:gofiber:fiber:2.2.2
-
cpe:2.3:a:gofiber:fiber:2.2.3
-
cpe:2.3:a:gofiber:fiber:2.2.4
-
cpe:2.3:a:gofiber:fiber:2.2.5
-
cpe:2.3:a:gofiber:fiber:2.20.0
-
cpe:2.3:a:gofiber:fiber:2.20.1
-
cpe:2.3:a:gofiber:fiber:2.20.2
-
cpe:2.3:a:gofiber:fiber:2.21.0
-
cpe:2.3:a:gofiber:fiber:2.22.0
-
cpe:2.3:a:gofiber:fiber:2.23.0
-
cpe:2.3:a:gofiber:fiber:2.24.0
-
cpe:2.3:a:gofiber:fiber:2.25.0
-
cpe:2.3:a:gofiber:fiber:2.26.0
-
cpe:2.3:a:gofiber:fiber:2.27.0
-
cpe:2.3:a:gofiber:fiber:2.28.0
-
cpe:2.3:a:gofiber:fiber:2.29.0
-
cpe:2.3:a:gofiber:fiber:2.3.0
-
cpe:2.3:a:gofiber:fiber:2.3.1
-
cpe:2.3:a:gofiber:fiber:2.3.2
-
cpe:2.3:a:gofiber:fiber:2.3.3
-
cpe:2.3:a:gofiber:fiber:2.30.0
-
cpe:2.3:a:gofiber:fiber:2.31.0
-
cpe:2.3:a:gofiber:fiber:2.32.0
-
cpe:2.3:a:gofiber:fiber:2.33.0
-
cpe:2.3:a:gofiber:fiber:2.34.0
-
cpe:2.3:a:gofiber:fiber:2.34.1
-
cpe:2.3:a:gofiber:fiber:2.35.0
-
cpe:2.3:a:gofiber:fiber:2.36.0
-
cpe:2.3:a:gofiber:fiber:2.37.0
-
cpe:2.3:a:gofiber:fiber:2.37.1
-
cpe:2.3:a:gofiber:fiber:2.38.0
-
cpe:2.3:a:gofiber:fiber:2.38.1
-
cpe:2.3:a:gofiber:fiber:2.39.0
-
cpe:2.3:a:gofiber:fiber:2.4.0
-
cpe:2.3:a:gofiber:fiber:2.4.1
-
cpe:2.3:a:gofiber:fiber:2.40.0
-
cpe:2.3:a:gofiber:fiber:2.40.1
-
cpe:2.3:a:gofiber:fiber:2.41.0
-
cpe:2.3:a:gofiber:fiber:2.42.0
-
cpe:2.3:a:gofiber:fiber:2.43.0
-
cpe:2.3:a:gofiber:fiber:2.44.0
-
cpe:2.3:a:gofiber:fiber:2.45.0
-
cpe:2.3:a:gofiber:fiber:2.46.0
-
cpe:2.3:a:gofiber:fiber:2.47.0
-
cpe:2.3:a:gofiber:fiber:2.48.0
-
cpe:2.3:a:gofiber:fiber:2.49.0
-
cpe:2.3:a:gofiber:fiber:2.49.1
-
cpe:2.3:a:gofiber:fiber:2.49.2
-
cpe:2.3:a:gofiber:fiber:2.5.0
-
cpe:2.3:a:gofiber:fiber:2.50.0
-
cpe:2.3:a:gofiber:fiber:2.51.0
-
cpe:2.3:a:gofiber:fiber:2.52.0
-
cpe:2.3:a:gofiber:fiber:2.52.1
-
cpe:2.3:a:gofiber:fiber:2.52.10
-
cpe:2.3:a:gofiber:fiber:2.52.11
-
cpe:2.3:a:gofiber:fiber:2.52.12
-
cpe:2.3:a:gofiber:fiber:2.52.13
-
cpe:2.3:a:gofiber:fiber:2.52.14
-
cpe:2.3:a:gofiber:fiber:2.52.2
-
cpe:2.3:a:gofiber:fiber:2.52.3
-
cpe:2.3:a:gofiber:fiber:2.52.4
-
cpe:2.3:a:gofiber:fiber:2.52.5
-
cpe:2.3:a:gofiber:fiber:2.52.6
-
cpe:2.3:a:gofiber:fiber:2.52.7
-
cpe:2.3:a:gofiber:fiber:2.52.8
-
cpe:2.3:a:gofiber:fiber:2.52.9
-
cpe:2.3:a:gofiber:fiber:2.6.0
-
cpe:2.3:a:gofiber:fiber:2.7.0
-
cpe:2.3:a:gofiber:fiber:2.7.1
-
cpe:2.3:a:gofiber:fiber:2.8.0
-
cpe:2.3:a:gofiber:fiber:2.9.0
-
cpe:2.3:a:gofiber:fiber:3.0.0
-
cpe:2.3:a:gofiber:fiber:3.1.0
-
cpe:2.3:a:gofiber:fiber:3.2.0
-
cpe:2.3:a:gofiber:fiber:3.3.0