VYPR

Hono

by Npm

CVEs (1)

  • CVE-2026-56762Jun 23, 2026
    Honojs
    Hono
    risk 0.00cvss epss

    Hono before 4.12.12 does not validate cookie names on the write path in the setCookie(), serialize(), and serializeSigned() functions, allowing invalid characters such as control characters (e.g. \r or \n) when an application passes a user-controlled cookie name. This can…