CVE-2026-47674 in honoinformação

Sumário

de MITRE • 28/05/2026

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.21, the ip-restriction middleware (hono/ip-restriction) compares incoming IP addresses against configured deny and allow rules using string equality after partial normalization. Non-canonical IPv6 representations of an address already listed in a static rule — such as compressed forms, explicit-zero forms, or hex-notation IPv4-mapped addresses — do not match the normalized rule entry, causing the rule to be silently skipped. This vulnerability is fixed in 4.12.21.

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsável

GitHub M

Reservar

19/05/2026

Divulgação

28/05/2026

Moderação

aceite

Entrada

VDB-366813

CPE

pronto

CWE

CWE-185 (confirmado)

CVSS

5.3 (CNA)

EPSS

0.00098

KEV

não

Atividades

muito baixo

Fontes

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-47674
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-47674
CVE Details	https://www.cvedetails.com/cve/CVE-2026-47674/

◂ Voltar Visão Geral Próximo ▸

Want to know what is going to be exploited?

We predict KEV entries!