VYPR
Medium severity4.7GHSA Advisory· Published May 13, 2026· Updated May 13, 2026

CVE-2026-44455

CVE-2026-44455

Description

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.16, Improper handling of JSX element tag names in hono/jsx allowed unvalidated tag names to be directly inserted into the generated HTML output. When untrusted input is used as a tag name via the programmatic jsx() or createElement() APIs during server-side rendering, specially crafted values may break out of the intended element context and inject unintended HTML. This vulnerability is fixed in 4.12.16.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
hononpm
< 4.12.164.12.16

Affected products

13

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.