PT-2026-44413 · Hono · Hono
Squ4Nch · Published 2026-05-28 · Updated 2026-05-29 · CVE-2026-47673
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Hono versions prior to 4.12.21
Description
The jwt and jwk middlewares fail to verify that the Authorization header value utilizes the Bearer scheme. Consequently, any two-part header value is processed for JWT verification regardless of the scheme name used in the first position. This allows requests using non-Bearer scheme identifiers, such as Basic or Token, to be authenticated in the same manner as correctly formed Bearer requests.
Recommendations
Update to version 4.12.21.
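The parsing gap from the Description, shown as an added example that is not Hono's source code: a loose parser that ignores the scheme name beside a strict one following the RFC 6750 `Bearer` credentials syntax, plus a helper that flags header values only the loose parser accepts. All function names and sample values are hypothetical and constructed for illustration.

```typescript
// Added illustration; not Hono's source. All names here are hypothetical.

// Models the behaviour the advisory describes: any two-part value is
// accepted, and the scheme name in the first position is never checked.
function extractTokenLoose(header: string): string | null {
  const parts = header.split(/\s+/);
  return parts.length === 2 ? (parts[1] ?? null) : null;
}

// RFC 6750 credentials syntax: "Bearer" 1*SP b64token.
// Scheme names are case-insensitive (RFC 7235), hence the /i flag.
const BEARER_RE = /^Bearer +([A-Za-z0-9\-._~+\/]+=*)$/i;

// Strict form: returns the token only when the scheme is Bearer.
function extractBearerToken(header: string): string | null {
  const m = BEARER_RE.exec(header);
  return m ? (m[1] ?? null) : null;
}

// Returns the header values a loose parser would hand to JWT verification
// but a strict Bearer parser rejects: the requests worth flagging when
// reviewing access logs from a deployment that ran an affected version.
function schemeMismatches(headers: string[]): string[] {
  return headers.filter(
    (h) => extractTokenLoose(h) !== null && extractBearerToken(h) === null,
  );
}

// Constructed sample values; the token is a placeholder, not a real JWT.
const SAMPLE_TOKEN = "aaa.bbb.ccc";
const SAMPLE_HEADERS: string[] = [
  `Bearer ${SAMPLE_TOKEN}`, // well-formed
  `bearer ${SAMPLE_TOKEN}`, // well-formed, scheme in lower case
  `Basic ${SAMPLE_TOKEN}`,  // wrong scheme, accepted by the loose parser
  `Token ${SAMPLE_TOKEN}`,  // wrong scheme, accepted by the loose parser
  SAMPLE_TOKEN,             // no scheme at all, rejected by both
];

console.log(schemeMismatches(SAMPLE_HEADERS));
```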
Fix
Improper Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Hono