CNNVD-202601-1981 Information
CNNVD ID
CNNVD-202601-1981
Related CVE
- CNNVD Published: 2026-01-13
Description (Chinese)
Hono是Hono社区的一个用 TypeScript 编写的 Web 框架。 Hono 4.11.4之前版本存在数据伪造问题漏洞,该漏洞源于JWT验证中间件允许JWT标头算法影响签名验证,可能导致算法混淆和接受伪造令牌。
Description (English)
Hono is a web-based framework for the Hono community, developed by TypeScript. The previous version of Hono 4.11.4 had a loophole in the problem of data forgery, which originated from the JWT authentication intermediate that allowed JWT header algorithms to influence signature authentication, which could lead to confusion of algorithms and acceptance of forged tokens.
Hazard Level
Medium
Vulnerability Type
数据伪造问题
Affected Vendor
Hono
Published
2026-01-13
Last Modified
2026-02-24
References
https://github.com/honojs/hono/commit/190f6e28e2ca85ce3d1f2f54db1310f5f3eab134 https://github.com/honojs/hono/security/advisories/GHSA-3vhc-576x-3qv4 https://access.redhat.com/security/cve/cve-2026-22818
Patch
https://github.com/honojs/hono/releases
Share on: