PT-2026-44414 · Hono · Hono
Offset
·
Published
2026-05-28
·
Updated
2026-07-02
·
CVE-2026-47674
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Hono versions prior to 4.12.21
Description
The
ip-restriction middleware (hono/ip-restriction) compares incoming IP addresses against configured deny and allow rules using string equality after partial normalization. Non-canonical IPv6 representations of an address already listed in a static rule—such as compressed forms, explicit-zero forms, or hex-notation IPv4-mapped addresses—do not match the normalized rule entry, which causes the rule to be silently skipped.Recommendations
Update to version 4.12.21.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Hono