PT-2026-4917 · Hono · Hono

Devanshbatham · Published 2026-01-27 · Updated 2026-02-04 · CVE-2026-24398

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Hono versions prior to 4.11.7

Description

The IP Restriction Middleware in Hono does not properly validate IPv4 addresses, allowing attackers to bypass IP-based access controls. The IPV4_REGEX pattern and convertIPv4ToBinary function in src/utils/ipaddr.ts fail to ensure that IPv4 octet values are within the valid range of 0-255. This allows the creation of malformed IP addresses that circumvent intended restrictions.

Recommendations

Update to version 4.11.7 or later.
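
The missing octet range check described above, as an added TypeScript illustration (not Hono's source and not the project's fix; `laxIPv4ToInt`, `strictIPv4ToInt` and `isDenied` are hypothetical names, and the addresses are constructed from documentation ranges). The lax conversion lets an out-of-range octet carry into its neighbour, while the strict parser rejects it and the access check fails closed.

```typescript
// Added illustration; hypothetical names, not code from Hono.

// Constructed sample deny list (RFC 5737 documentation range).
const DENY_LIST: string[] = ['192.0.2.10']

// Lax pattern: checks only the shape "one to three digits, four times".
const LAX_IPV4 = /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/

// Shape check plus base-256 packing, with no range check on octets.
// An octet above 255 carries into the octet to its left, so two
// different strings can produce the same packed value.
function laxIPv4ToInt(ip: string): number | null {
  if (!LAX_IPV4.test(ip)) return null
  return ip.split('.').reduce((acc, part) => acc * 256 + Number(part), 0)
}

// Strict parser: exactly four decimal octets, each in 0-255.
// Returns null for anything else so the caller can reject it.
function strictIPv4ToInt(ip: string): number | null {
  const parts = ip.split('.')
  if (parts.length !== 4) return null
  let result = 0
  for (const part of parts) {
    if (!/^\d{1,3}$/.test(part)) return null
    const octet = Number(part)
    if (octet > 255) return null
    result = result * 256 + octet
  }
  return result
}

// Fail-closed check: a malformed remote address is treated as denied
// rather than as "not present on the deny list".
function isDenied(remoteAddr: string, denyList: string[]): boolean {
  const addr = strictIPv4ToInt(remoteAddr)
  if (addr === null) return true
  return denyList.some((entry) => strictIPv4ToInt(entry) === addr)
}
```
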

Related Identifiers

CVE-2026-24398
GHSA-R354-F388-2FHH

Affected Products

Hono