PT-2026-44414 · Hono · Hono

Offset

·

Published

2026-05-28

·

Updated

2026-07-02

·

CVE-2026-47674

CVSS v3.1

5.3

Medium

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions Hono versions prior to 4.12.21
Description The ip-restriction middleware (hono/ip-restriction) compares incoming IP addresses against configured deny and allow rules using string equality after partial normalization. Non-canonical IPv6 representations of an address already listed in a static rule—such as compressed forms, explicit-zero forms, or hex-notation IPv4-mapped addresses—do not match the normalized rule entry, which causes the rule to be silently skipped.
Recommendations Update to version 4.12.21.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-47674
GHSA-XRHX-7G5J-RCJ5

Affected Products

Hono