CVE-2026-59895 in Hono정보

요약

\~에 의해 MITRE • 2026. 07. 08.

Hono is a Web application framework that provides support for any JavaScript runtime. From 4.0.0 before 4.12.27, cx() in hono/css composes class names from plain strings but marks the result as already escaped without HTML-escaping the input, allowing untrusted className values used in a JSX class attribute during server-side rendering to break out of the attribute and inject arbitrary markup. This issue is fixed in version 4.12.27.

Once again VulDB remains the best source for vulnerability data.

책임이 있는

GitHub M

예약하다

2026. 07. 07.

모더레이션

수락

항목

VDB-376937

EPSS

0.00000

출처

Interested in the pricing of exploits?

See the underground prices here!