Prototype Pollution Vulnerability in Hono Framework by Hono
CVE-2026-56763
6.3MEDIUM
What is CVE-2026-56763?
The Hono framework, prior to version 4.12.7, is vulnerable to a prototype pollution issue due to the improper handling of the proto key in the parseBody function when the dot option is enabled. This flaw permits attackers to create specially crafted form field names that can affect object behavior when the parsed results are merged into JavaScript objects using unsafe merge patterns. Exploiting this vulnerability can lead to serious manipulation of application logic and potential security breaches.
Affected Version(s)
Hono 0 < 4.12.7
Hono 4.12.7
