Back to CVE List

CVE-2026-44456

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score
6.5 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Vulnerability Description

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.16, bodyLimit() does not reliably enforce maxSize for requests without a usable Content-Length (e.g. Transfer-Encoding: chunked). Oversized requests can reach handlers and return 200 instead of 413. This vulnerability is fixed in 4.12.16.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-400
Source
GitHub
Vendor
npm
Product
hono

External References

Discussion (0)

Add Comment

No comments yet. Be the first!