PT-2026-5012 · Hono · Hono
Simonkoeck · Published 2026-01-27 · Updated 2026-02-04
CVE-2026-24472
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Hono versions prior to 4.11.7
Description
The Cache Middleware component does not properly handle HTTP cache control directives such as Cache-Control: private or Cache-Control: no-store. This can lead to private or authenticated responses being cached and exposed to unauthorized users. The vulnerability exists in the cache decision logic of the Cache Middleware. The impact of this issue is Web Cache Deception and information disclosure, potentially exposing personally identifiable information or session-related data. The issue affects applications using the hono/cache middleware and relying on it to correctly honor HTTP cache control directives.
Recommendations
Update to version 4.11.7 or later.
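The cache decision the Description refers to, shown as an added example that is not Hono's code or its patch: a shared cache keyed by URL that either ignores or honors Cache-Control: private and no-store on the response. All function names, the /me URL and the sample responses are constructed for illustration.

```javascript
// Added example; not code from Hono. All names here are hypothetical.

// Parse a Cache-Control value into a Map of lowercased directive -> argument.
// Splitting on "," is enough for this decision: a quoted argument such as
// private="a, b" still yields the directive name "private".
function parseCacheControl(value) {
  const directives = new Map();
  for (const part of String(value || "").split(",")) {
    const [name, ...rest] = part.trim().split("=");
    if (name) directives.set(name.toLowerCase(), rest.join("="));
  }
  return directives;
}

// Directives named in the advisory that forbid storing in a shared cache.
const NO_SHARED_STORE = ["private", "no-store"];

// headers: plain object, header names assumed already lowercased.
function mayStoreInSharedCache(headers) {
  const cc = parseCacheControl(headers["cache-control"]);
  return !NO_SHARED_STORE.some((d) => cc.has(d));
}

// Minimal shared cache keyed by URL only. honorDirectives=false models a
// cache decision that ignores the response's Cache-Control header.
function makeCache({ honorDirectives }) {
  const store = new Map();
  return function fetchThrough(url, origin) {
    if (store.has(url)) return { ...store.get(url), fromCache: true };
    const res = origin();
    if (!honorDirectives || mayStoreInSharedCache(res.headers)) store.set(url, res);
    return { ...res, fromCache: false };
  };
}

// Constructed scenario: two users request the same URL; the origin marks
// each per-user response as private.
function secondUserSees(honorDirectives) {
  const cache = makeCache({ honorDirectives });
  const profileFor = (user) => () => ({
    headers: { "cache-control": "private, max-age=60" },
    body: `profile of ${user}`,
  });
  cache("/me", profileFor("alice"));
  return cache("/me", profileFor("bob")).body;
}
```

With the directives ignored, the second user is served the first user's stored response; with them honored, nothing is stored and each request reaches the origin.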
Exploit
Fix
Insufficient Session Expiration
Related Identifiers
Affected Products
Hono