CVE-2026-53624
MEDIUM
NVD
CVSS Score
4.8
Severity
MEDIUM
Published
Jul 08, 2026
Vendor
unknown
Description
Fiber is an Express inspired web framework written in Go. Prior to 3.4.0, the helmet middleware in middleware/helmet/helmet.go never sets the Strict-Transport-Security response header even when HSTSMaxAge is configured because it checks c.Protocol() for https instead of c.Scheme(). This issue is fixed in version 3.4.0.