Server-side Rendering Context Leakage in Hono Framework by Hono
CVE-2026-59896
6.5MEDIUM
What is CVE-2026-59896?
The Hono framework, known for supporting various JavaScript runtimes, has a vulnerability where context values are not properly isolated during server-side rendering. This flaw allows data from one request to bleed into another, potentially exposing sensitive data or misrepresenting the application's state. The issue arises specifically with the createContext, useContext, and similar APIs, which could lead to incorrect behavior in async components. The vulnerability impacts versions from 4.11.8 to 4.12.26 and has been resolved in version 4.12.27.
Affected Version(s)
hono >= 4.11.8, < 4.12.27
