PT-2026-56506 · Honojs · Hono

Published

2026-07-08

·

Updated

2026-07-08

·

CVE-2026-59896

CVSS v3.1

6.5

Medium

VectorAV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
Hono is a Web application framework that provides support for any JavaScript runtime. From 4.11.8 before 4.12.27, hono/jsx did not isolate context values per request during server-side rendering, allowing createContext, useContext, jsxRenderer, or useRequestContext data from a different in-flight request to be used after an await in an async component. This issue is fixed in version 4.12.27.

Fix

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-59896

Affected Products

Hono