CNNVD-202601-1982 Information
CNNVD ID
CNNVD-202601-1982
Related CVE
- CNNVD Published: 2026-01-13
Description (Chinese)
Hono是Hono社区的一个用 TypeScript 编写的 Web 框架。 Hono 4.11.4之前版本存在数据伪造问题漏洞,该漏洞源于JWT验证中间件允许JWT标头算法值影响签名验证,可能导致算法混淆和接受伪造令牌。
Description (English)
Hono is a web-based framework for the Hono community, developed by TypeScript. The previous version of Hono 4.11.4 had a loophole in the problem of data forgery, which stemmed from the JWT authentication intermediate allowing JWT header algorithms to influence signature authentication, which could lead to confusion in algorithms and acceptance of forged tokens.
Hazard Level
Medium
Vulnerability Type
数据伪造问题
Affected Vendor
Hono
Published
2026-01-13
Last Modified
2026-02-24
References
https://github.com/honojs/hono/commit/cc0aa7ae327ed84cc391d29086dec2a3e44e7a1f https://github.com/honojs/hono/security/advisories/GHSA-f67f-6cw9-8mq4 https://access.redhat.com/security/cve/cve-2026-22817
Patch
https://github.com/honojs/hono/releases
Share on: