Prototype Pollution Vulnerability in Hono Framework by Hono
CVE-2026-56763

6.3MEDIUM

Key Information:

Vendor

Hono

Status
Vendor
CVE Published:
11 July 2026

What is CVE-2026-56763?

The Hono framework, prior to version 4.12.7, is vulnerable to a prototype pollution issue due to the improper handling of the proto key in the parseBody function when the dot option is enabled. This flaw permits attackers to create specially crafted form field names that can affect object behavior when the parsed results are merged into JavaScript objects using unsafe merge patterns. Exploiting this vulnerability can lead to serious manipulation of application logic and potential security breaches.

Affected Version(s)

Hono 0 < 4.12.7

Hono 4.12.7

References

CVSS V4

Score:
6.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

0xkakash1
.