Home > Vulnerability Database > CVE-2026-24473

Mend.io Vulnerability Database

CVE-2026-24473

Good to know:

Date: January 27, 2026

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, Serve static Middleware for the Cloudflare Workers adapter contains an information disclosure vulnerability that may allow attackers to read arbitrary keys from the Workers environment. Improper validation of user-controlled paths can result in unintended access to internal asset keys. Version 4.11.7 contains a patch for the issue.

Severity Score

3.7

Related Resources (6)

Url: https://github.com/honojs/hono

Url: https://github.com/honojs/hono/commit/cf9a78db4d0a19b117aee399cbe9d3a6d9bfd817

Url: https://github.com/honojs/hono/releases/tag/v4.11.7

Url: https://github.com/honojs/hono/security/advisories/GHSA-w332-q679-j88p

Url: https://nvd.nist.gov/vuln/detail/CVE-2026-24473

Url: https://www.mend.io/vulnerability-database/CVE-2026-24473

Severity Score

3.7

Weakness Type (CWE)

Exposure of Resource to Wrong Sphere

CWE-668

Improper Access Control

CWE-284

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

Top Fix

Upgrade Version

Upgrade to version hono - 4.11.7;https://github.com/honojs/hono.git - v4.11.7

Learn More

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2026-24473

Good to know:

Date: January 27, 2026

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?