PT-2026-60122 · Hono · Hono
Exagone313
·
Published
2026-07-15
·
Updated
2026-07-15
·
CVE-2026-56764
CVSS v3.1
3.7
Low
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N |
Hono before 4.11.10 contains a timing attack vulnerability in the basicAuth and bearerAuth middlewares due to non-constant-time string comparison in the timingSafeEqual function. Attackers can exploit early termination of string equality checks to infer valid credentials through precise timing measurements.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Hono