CVE-2026-47673

Published: Mag 28, 2026 Last Modified: Mag 28, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 4,8

Source: [email protected]

Attack Vector: network

Attack Complexity: high

Privileges Required: none

User Interaction: none

Scope: unchanged

Confidentiality: low

Integrity: low

Availability: none

Description

AI Translation Available

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.21, the jwt and jwk middlewares do not verify that the Authorization header value uses theBearer scheme. Any two-part header value — regardless of the scheme name in the first position — proceeds to JWT verification. A request presenting a valid JWT under a non-Bearer scheme identifier (such as Basic or Token) is authenticated identically to a correctly formed Bearer request. This vulnerability is fixed in 4.12.21.

285

Improper Authorization

Draft

Abstraction: Class Structure: Simple

Common Consequences

Security Scopes Affected:

Confidentiality Integrity Access Control

Potential Impacts:

Read Application Data Read Files Or Directories Modify Application Data Modify Files Or Directories Gain Privileges Or Assume Identity Execute Unauthorized Code Or Commands

Applicable Platforms

Technologies: Not Technology-Specific, Web Server, Database Server

Likelihood of Exploit: High

View CWE Details

https://github.com/honojs/hono/security/advisories/GHSA-f57…

https://github.com/honojs/hono/security/advisories/GHSA-f577-qrjj-4474

CVE-2026-47673

Description

Improper Authorization

Common Consequences

Applicable Platforms

Iscriviti alla newsletter