What is CVE-2026-24472?

CVE-2026-24472 is a medium-severity vulnerability in Honojs Hono, classified under Use of Cache Containing Sensitive Information. CVSS score: 5.3/10. Published 2026-01-27.

How severe is CVE-2026-24472?

Medium severity. CVSS v3 base score is 5.3 out of 10.

Vulnerability in Honojs Hono

CVE-2026-24472

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, Cache Middleware contains an information disclosure vulnerability caused by improper handling of HTTP cache control directives…

EPSS: 0.000 (3.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N.

Affected products

Honojs Hono — versions < 4.11.7

Weakness classification (CWE)

References

https://github.com/honojs/hono/security/advisories/GHSA-6wqw-2p9w-4vw4 (x_refsource_CONFIRM)
https://github.com/honojs/hono/commit/12c511745b3f1e7a3f863a23ce5f921c7fa805d1 (x_refsource_MISC)
https://github.com/honojs/hono/releases/tag/v4.11.7 (x_refsource_MISC)

Frequently asked questions

What is CVE-2026-24472?: CVE-2026-24472 is a medium-severity vulnerability in Honojs Hono, classified under Use of Cache Containing Sensitive Information. CVSS score: 5.3/10. Published 2026-01-27.
How severe is CVE-2026-24472?: Medium severity. CVSS v3 base score is 5.3 out of 10.