CVE-2026-53624
Fiber is an Express inspired web framework written in Go. Prior to 3.4.0, the helmet middleware in middleware/helmet/helmet.go never sets th
CVSS
4.8
Medium
EPSS
0.2%
p12
KEV
—
Exploit Today
3
0-100
Published: Jul 8, 2026 · Last modified: Jul 15, 2026 · CWE-319
0.2%EPSS · 30 days0.2%
2026-07-092026-07-17
Fiber is an Express inspired web framework written in Go. Prior to 3.4.0, the helmet middleware in middleware/helmet/helmet.go never sets the Strict-Transport-Security response header even when HSTSMaxAge is configured because it checks c.Protocol() for https instead of c.Scheme(). This issue is fixed in version 3.4.0.
- github.comhttps://github.com/gofiber/fiber/commit/04dd4e7754f61768fddccacc79057e416f13e6bf
- github.comhttps://github.com/gofiber/fiber/pull/4389
- github.comhttps://github.com/gofiber/fiber/releases/tag/v3.4.0
- github.comhttps://github.com/gofiber/fiber/security/advisories/GHSA-gv83-gqw6-9j2c
- github.comhttps://github.com/gofiber/fiber/security/advisories/GHSA-gv83-gqw6-9j2c
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2023-318237.5 HIG47.0%
——14An issue found in Marui Co Marui Official app v.13.6.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp Marui Official Store function.9dCVE-2024-487887.5 HIG43.2%
——13An issue in YESCAM (com.yescom.YesCam.zwave) 1.0.2 allows a remote attacker to obtain sensitive information via the firmware update process.13dCVE-2024-388917.5 HIG35.4%
——11An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Sniffing Network Traffic attack due to the cleartext transmission of sensitive information.13dCVE-2023-390867.5 HIG23.4%
——7ASUS RT-AC66U B1 3.0.0.4.286_51665 was discovered to transmit sensitive information in cleartext.9dCVE-2025-564479.8 CRI19.3%
——6TM2 Monitoring v3.04 contains an authentication bypass and plaintext credential disclosure.13dCVE-2025-671597.5 HIG17.4%
——5Vatilon v1.12.37-20240124 was discovered to transmit user credentials in plaintext.13d