CVE-2026-39409

Published: Apr 08, 2026 Last Modified: Apr 08, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 6,3

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

Description

AI Translation Available

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.12, ipRestriction() does not canonicalize IPv4-mapped IPv6 client addresses (e.g. ::ffff:127.0.0.1) before applying IPv4 allow or deny rules. In environments such as Node.js dual-stack, this can cause IPv4 rules to fail to match, leading to unintended authorization behavior. This vulnerability is fixed in 4.12.12.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score

0,0004

Percentile

0,1th

Updated

EPSS Score Trend (Last 8 Days)

180

Incorrect Behavior Order: Validate Before Canonicalize

Draft

Abstraction: Variant Structure: Simple

Common Consequences

Security Scopes Affected:

Access Control

Potential Impacts:

Bypass Protection Mechanism

Applicable Platforms

All platforms may be affected

View CWE Details

https://github.com/honojs/hono/commit/48fa2233bc092f650119f…

https://github.com/honojs/hono/commit/48fa2233bc092f650119f42df043050737cabf39

https://github.com/honojs/hono/releases/tag/v4.12.12

https://github.com/honojs/hono/security/advisories/GHSA-xpc…

https://github.com/honojs/hono/security/advisories/GHSA-xpcf-pg52-r92g

CVE-2026-39409

Description

EPSS (Exploit Prediction Scoring System)

EPSS (Exploit Prediction Scoring System)

EPSS Score Trend (Last 8 Days)

Incorrect Behavior Order: Validate Before Canonicalize

Common Consequences

Applicable Platforms

Iscriviti alla newsletter