CVE-2026-44457

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
13/05/2026
Last modified:
13/05/2026

Description

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, Cache Middleware does not skip caching for responses that declare per-user variance via Vary: Authorization or Vary: Cookie. As a result, a response cached for one authenticated user may be served to subsequent requests from different users. This vulnerability is fixed in 4.12.18.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:hono:hono:*:*:*:*:*:node.js:*:* 4.12.18 (excluding)