Vulnerability in Hono

CVE-2026-56762

Hono before 4.12.12 does not validate cookie names on the write path in the setCookie(), serialize(), and serializeSigned() functions, allowing invalid characters such as control characters (e.g. \r or \n) when an application passes a user…
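The missing write-path check described above can be illustrated with a standalone cookie-name validator. This is an added example, not code from Hono or from this advisory. The function names `serializeUnchecked`, `serializeChecked` and `classify` are hypothetical, the sample names are constructed, and the accepted character set is the RFC 6265 cookie-name grammar (an RFC 7230 token).

```javascript
// Added example; not Hono's implementation. All function names are hypothetical.

// RFC 6265 defines cookie-name as an RFC 7230 "token":
// visible ASCII without separators, whitespace or control characters.
const COOKIE_NAME_TOKEN = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;

// "Before": the name is interpolated as-is, so a CR or LF inside it
// ends up in the Set-Cookie header line unchanged.
function serializeUnchecked(name, value) {
  return `${name}=${encodeURIComponent(value)}`;
}

// "After": reject any name that is not a token before building the header value.
function serializeChecked(name, value) {
  if (typeof name !== 'string' || !COOKIE_NAME_TOKEN.test(name)) {
    throw new TypeError('invalid cookie name');
  }
  return `${name}=${encodeURIComponent(value)}`;
}

// Constructed sample input: one ordinary name, then names that a
// user-influenced field could carry (control characters, space, separator, empty).
const SAMPLE_NAMES = ['session_id', 'pref\r\nX-Injected: 1', 'a b', 'k;v', ''];

// Run every candidate name through the checked serializer and record the outcome.
function classify(names) {
  return names.map((name) => {
    try {
      serializeChecked(name, 'v');
      return { name, accepted: true };
    } catch {
      return { name, accepted: false };
    }
  });
}

for (const { name, accepted } of classify(SAMPLE_NAMES)) {
  console.log(JSON.stringify(name), accepted ? 'accepted' : 'rejected');
}
```

Validating at the point where the name enters the application keeps the check in place regardless of which library version performs the serialization.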

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L.

Affected products

  • Hono — versions 0, 4.12.12

Frequently asked questions

What is CVE-2026-56762?

CVE-2026-56762 is a medium-severity vulnerability in Hono, classified under HTTP Response Splitting. CVSS score: 5.3/10. Published 2026-06-23.

How severe is CVE-2026-56762?

Medium severity. CVSS v3 base score is 5.3 out of 10.