Back to CVE List

CVE-2026-56763

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score
4.8 / 10
Vector String
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Vulnerability Description

Hono before 4.12.7 allows __proto__ key in parseBody with dot option enabled, permitting specially crafted form field names to create objects with __proto__ properties. When parsed results are merged into regular JavaScript objects using unsafe merge patterns, attackers can exploit this to achieve prototype pollution and modify object behavior.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-1321
Source
NVD
Vendor
Hono
Product
Hono

External References

Discussion (0)

Add Comment

No comments yet. Be the first!