Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-29086 (GCVE-0-2026-29086)
Vulnerability from cvelistv5 – Published: 2026-03-04 22:09 – Updated: 2026-03-05 15:42
VLAI
EPSS
Title
Hono: Cookie Attribute Injection via Unsanitized domain and path in setCookie()
Summary
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, the setCookie() utility did not validate semicolons (;), carriage returns (\r), or newline characters (\n) in the domain and path options when constructing the Set-Cookie header. Because cookie attributes are delimited by semicolons, this could allow injection of additional cookie attributes if untrusted input was passed into these fields. This issue has been patched in version 4.12.4.
Severity
5.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1113 - Inappropriate Comment Style
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/honojs/hono/security/advisorie… | x_refsource_CONFIRM |
| https://github.com/honojs/hono/commit/44ae0c8cc4d… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-29086",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-05T15:29:14.844587Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T15:42:10.524Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "hono",
"vendor": "honojs",
"versions": [
{
"status": "affected",
"version": "\u003c 4.12.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, the setCookie() utility did not validate semicolons (;), carriage returns (\\r), or newline characters (\\n) in the domain and path options when constructing the Set-Cookie header. Because cookie attributes are delimited by semicolons, this could allow injection of additional cookie attributes if untrusted input was passed into these fields. This issue has been patched in version 4.12.4."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1113",
"description": "CWE-1113: Inappropriate Comment Style",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-04T22:09:01.488Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/honojs/hono/security/advisories/GHSA-5pq2-9x2x-5p6w",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/honojs/hono/security/advisories/GHSA-5pq2-9x2x-5p6w"
},
{
"name": "https://github.com/honojs/hono/commit/44ae0c8cc4d5ab2bed529127a4ac72e1483ad073",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/honojs/hono/commit/44ae0c8cc4d5ab2bed529127a4ac72e1483ad073"
}
],
"source": {
"advisory": "GHSA-5pq2-9x2x-5p6w",
"discovery": "UNKNOWN"
},
"title": "Hono: Cookie Attribute Injection via Unsanitized domain and path in setCookie()"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-29086",
"datePublished": "2026-03-04T22:09:01.488Z",
"dateReserved": "2026-03-03T20:51:43.484Z",
"dateUpdated": "2026-03-05T15:42:10.524Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-29086",
"date": "2026-06-19",
"epss": "0.00216",
"percentile": "0.11862"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-29086\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-03-04T23:16:10.593\",\"lastModified\":\"2026-03-06T18:00:25.880\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, the setCookie() utility did not validate semicolons (;), carriage returns (\\\\r), or newline characters (\\\\n) in the domain and path options when constructing the Set-Cookie header. Because cookie attributes are delimited by semicolons, this could allow injection of additional cookie attributes if untrusted input was passed into these fields. This issue has been patched in version 4.12.4.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.5}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1113\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hono:hono:*:*:*:*:*:node.js:*:*\",\"versionEndExcluding\":\"4.12.4\",\"matchCriteriaId\":\"8ADA9966-4575-41CC-8905-E1F4E4CB5CA6\"}]}]}],\"references\":[{\"url\":\"https://github.com/honojs/hono/commit/44ae0c8cc4d5ab2bed529127a4ac72e1483ad073\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/honojs/hono/security/advisories/GHSA-5pq2-9x2x-5p6w\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-29086\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-05T15:29:14.844587Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-03-05T15:29:15.872Z\"}}], \"cna\": {\"title\": \"Hono: Cookie Attribute Injection via Unsanitized domain and path in setCookie()\", \"source\": {\"advisory\": \"GHSA-5pq2-9x2x-5p6w\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.4, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"honojs\", \"product\": \"hono\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 4.12.4\"}]}], \"references\": [{\"url\": \"https://github.com/honojs/hono/security/advisories/GHSA-5pq2-9x2x-5p6w\", \"name\": \"https://github.com/honojs/hono/security/advisories/GHSA-5pq2-9x2x-5p6w\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/honojs/hono/commit/44ae0c8cc4d5ab2bed529127a4ac72e1483ad073\", \"name\": \"https://github.com/honojs/hono/commit/44ae0c8cc4d5ab2bed529127a4ac72e1483ad073\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, the setCookie() utility did not validate semicolons (;), carriage returns (\\\\r), or newline characters (\\\\n) in the domain and path options when constructing the Set-Cookie header. Because cookie attributes are delimited by semicolons, this could allow injection of additional cookie attributes if untrusted input was passed into these fields. This issue has been patched in version 4.12.4.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1113\", \"description\": \"CWE-1113: Inappropriate Comment Style\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-03-04T22:09:01.488Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-29086\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-03-05T15:42:10.524Z\", \"dateReserved\": \"2026-03-03T20:51:43.484Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-03-04T22:09:01.488Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
cleanstart-2026-be61221
Vulnerability from cleanstart
Published
2026-05-18 13:36
Modified
2026-05-10 11:41
Summary
Security fixes for CVE-2025-62718, CVE-2025-69873, CVE-2026-29045, CVE-2026-29085, CVE-2026-29086, CVE-2026-29087, CVE-2026-2950, CVE-2026-30827, CVE-2026-33750, CVE-2026-33891, CVE-2026-33894, CVE-2026-33895, CVE-2026-33896, CVE-2026-33916, CVE-2026-33937, CVE-2026-34043, CVE-2026-35213, CVE-2026-39406, CVE-2026-39407, CVE-2026-39408, CVE-2026-39409, CVE-2026-39410, CVE-2026-40175, CVE-2026-41238, CVE-2026-41239, CVE-2026-41240, CVE-2026-42033, CVE-2026-42034, CVE-2026-42035, CVE-2026-42036, CVE-2026-42037, CVE-2026-42038, CVE-2026-42039, CVE-2026-42040, CVE-2026-42041, CVE-2026-42042, CVE-2026-42043, CVE-2026-42044, CVE-2026-42264, CVE-2026-42338, CVE-2026-44455, CVE-2026-44456, CVE-2026-44457, CVE-2026-44458, CVE-2026-44459, CVE-2026-4800, CVE-2026-4923, CVE-2026-4926, CVE-2026-6321, CVE-2026-6322, ghsa-2328-f5f3-gj25, ghsa-26pp-8wgv-hjvm, ghsa-27v5-c462-wpq7, ghsa-2g4f-4pwh-qvx6, ghsa-2qvq-rjwj-gvw9, ghsa-2w6w-674q-4c4q, ghsa-39q2-94rc-95cp, ghsa-3mfm-83xf-c92r, ghsa-3p68-rc4w-qgx5, ghsa-3v7f-55p6-f55p, ghsa-3w6x-2g7m-8v23, ghsa-442j-39wm-28r2, ghsa-445q-vr5w-6q77, ghsa-458j-xx4x-4375, ghsa-46wh-pxpv-q5gq, ghsa-5c6j-r48x-rmvq, ghsa-5c9x-8gcm-mpgx, ghsa-5m6q-g25r-mvwx, ghsa-5pq2-9x2x-5p6w, ghsa-62hf-57xw-28j9, ghsa-69xw-7hcm-h432, ghsa-6chq-wfr3-2hj9, ghsa-7rx3-28cr-v5wh, ghsa-92pp-h63x-v22m, ghsa-9cx6-37pm-9jff, ghsa-9vqf-7f2p-gf9v, ghsa-c2c7-rcm5-vvqj, ghsa-crv5-9vww-q3g8, ghsa-f23m-r3pf-42rh, ghsa-f886-m6hf-6m8v, ghsa-fvcv-3m26-pcqx, ghsa-h7mw-gpvr-xq4m, ghsa-j3q9-mxjg-w52f, ghsa-jg4p-7fhp-p32p, ghsa-m7pr-hjqh-92cm, ghsa-p6xx-57qc-3wxr, ghsa-p77w-8qqv-26rm, ghsa-pf86-5x62-jrwf, ghsa-pmwg-cvhr-8vh7, ghsa-ppp5-5v6c-4jwp, ghsa-q3j6-qgpj-74h6, ghsa-q5qw-h33p-qvwr, ghsa-q67f-28xg-22rw, ghsa-q8qp-cvcw-x6jj, ghsa-qj8w-gfj5-8c6v, ghsa-qp7p-654g-cw7p, ghsa-r4q5-vmmm-2653, ghsa-r5fr-rjxr-66jc, ghsa-r5rp-j6wh-rvv4, ghsa-v2v4-37r5-5v8g, ghsa-v39h-62p7-jpjc, ghsa-v8w9-8mx6-g223, ghsa-v9jr-rg53-9pgp, ghsa-vf2m-468p-8v99, ghsa-w9j2-pvgh-6h63, ghsa-wc8c-qw6v-h7f6, ghsa-wmmm-f939-6g9c, ghsa-xf4j-xp2r-rqqx, ghsa-xhjh-pmcv-23jw, ghsa-xhpv-hc6g-r9c6, ghsa-xjpj-3mr7-gcpf, ghsa-xpcf-pg52-r92g, ghsa-xx6v-rp6x-q39c applied in versions: 2.19.5-r0
Details
Multiple security vulnerabilities affect the opensearch-dashboards-fips package. These issues are resolved in later releases. See references for individual vulnerability details.
References
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "opensearch-dashboards-fips"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.19.5-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the opensearch-dashboards-fips package. These issues are resolved in later releases. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-BE61221",
"modified": "2026-05-10T11:41:43Z",
"published": "2026-05-18T13:36:50.922233Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-BE61221.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-62718"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-69873"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-29045"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-29085"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-29086"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-29087"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-2950"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-30827"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33750"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33891"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33894"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33895"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33896"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33916"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33937"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-34043"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-35213"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39406"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39407"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39408"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39409"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39410"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-40175"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-41238"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-41239"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-41240"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42033"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42034"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42035"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42036"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42037"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42038"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42039"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42040"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42041"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42042"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42043"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42044"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42264"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42338"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-44455"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-44456"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-44457"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-44458"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-44459"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-4800"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-4923"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-4926"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-6321"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-6322"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-2328-f5f3-gj25"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-26pp-8wgv-hjvm"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-27v5-c462-wpq7"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-2g4f-4pwh-qvx6"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-2qvq-rjwj-gvw9"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-2w6w-674q-4c4q"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-39q2-94rc-95cp"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-3mfm-83xf-c92r"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-3p68-rc4w-qgx5"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-3v7f-55p6-f55p"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-3w6x-2g7m-8v23"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-442j-39wm-28r2"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-445q-vr5w-6q77"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-458j-xx4x-4375"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-46wh-pxpv-q5gq"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-5c6j-r48x-rmvq"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-5c9x-8gcm-mpgx"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-5m6q-g25r-mvwx"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-5pq2-9x2x-5p6w"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-62hf-57xw-28j9"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-69xw-7hcm-h432"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-6chq-wfr3-2hj9"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-7rx3-28cr-v5wh"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-92pp-h63x-v22m"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-9cx6-37pm-9jff"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-9vqf-7f2p-gf9v"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-c2c7-rcm5-vvqj"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-crv5-9vww-q3g8"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-f23m-r3pf-42rh"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-f886-m6hf-6m8v"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-fvcv-3m26-pcqx"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-h7mw-gpvr-xq4m"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-j3q9-mxjg-w52f"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-jg4p-7fhp-p32p"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-m7pr-hjqh-92cm"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-p6xx-57qc-3wxr"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-p77w-8qqv-26rm"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-pf86-5x62-jrwf"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-pmwg-cvhr-8vh7"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-ppp5-5v6c-4jwp"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-q3j6-qgpj-74h6"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-q5qw-h33p-qvwr"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-q67f-28xg-22rw"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-q8qp-cvcw-x6jj"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-qj8w-gfj5-8c6v"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-qp7p-654g-cw7p"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-r4q5-vmmm-2653"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-r5fr-rjxr-66jc"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-r5rp-j6wh-rvv4"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-v2v4-37r5-5v8g"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-v39h-62p7-jpjc"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-v8w9-8mx6-g223"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-v9jr-rg53-9pgp"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-vf2m-468p-8v99"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-w9j2-pvgh-6h63"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-wc8c-qw6v-h7f6"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-wmmm-f939-6g9c"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-xf4j-xp2r-rqqx"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-xhjh-pmcv-23jw"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-xhpv-hc6g-r9c6"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-xjpj-3mr7-gcpf"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-xpcf-pg52-r92g"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-xx6v-rp6x-q39c"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62718"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69873"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29045"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29085"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29086"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29087"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2950"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30827"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33750"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33891"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33894"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33895"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33896"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33916"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33937"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34043"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35213"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39406"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39407"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39408"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39409"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39410"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40175"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41238"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41239"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41240"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42033"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42034"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42035"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42036"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42037"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42038"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42039"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42040"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42041"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42042"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42043"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42044"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42264"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42338"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44455"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44456"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44457"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44458"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44459"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4800"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4923"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4926"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6321"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6322"
}
],
"related": [],
"schema_version": "1.7.3",
"summary": "Security fixes for CVE-2025-62718, CVE-2025-69873, CVE-2026-29045, CVE-2026-29085, CVE-2026-29086, CVE-2026-29087, CVE-2026-2950, CVE-2026-30827, CVE-2026-33750, CVE-2026-33891, CVE-2026-33894, CVE-2026-33895, CVE-2026-33896, CVE-2026-33916, CVE-2026-33937, CVE-2026-34043, CVE-2026-35213, CVE-2026-39406, CVE-2026-39407, CVE-2026-39408, CVE-2026-39409, CVE-2026-39410, CVE-2026-40175, CVE-2026-41238, CVE-2026-41239, CVE-2026-41240, CVE-2026-42033, CVE-2026-42034, CVE-2026-42035, CVE-2026-42036, CVE-2026-42037, CVE-2026-42038, CVE-2026-42039, CVE-2026-42040, CVE-2026-42041, CVE-2026-42042, CVE-2026-42043, CVE-2026-42044, CVE-2026-42264, CVE-2026-42338, CVE-2026-44455, CVE-2026-44456, CVE-2026-44457, CVE-2026-44458, CVE-2026-44459, CVE-2026-4800, CVE-2026-4923, CVE-2026-4926, CVE-2026-6321, CVE-2026-6322, ghsa-2328-f5f3-gj25, ghsa-26pp-8wgv-hjvm, ghsa-27v5-c462-wpq7, ghsa-2g4f-4pwh-qvx6, ghsa-2qvq-rjwj-gvw9, ghsa-2w6w-674q-4c4q, ghsa-39q2-94rc-95cp, ghsa-3mfm-83xf-c92r, ghsa-3p68-rc4w-qgx5, ghsa-3v7f-55p6-f55p, ghsa-3w6x-2g7m-8v23, ghsa-442j-39wm-28r2, ghsa-445q-vr5w-6q77, ghsa-458j-xx4x-4375, ghsa-46wh-pxpv-q5gq, ghsa-5c6j-r48x-rmvq, ghsa-5c9x-8gcm-mpgx, ghsa-5m6q-g25r-mvwx, ghsa-5pq2-9x2x-5p6w, ghsa-62hf-57xw-28j9, ghsa-69xw-7hcm-h432, ghsa-6chq-wfr3-2hj9, ghsa-7rx3-28cr-v5wh, ghsa-92pp-h63x-v22m, ghsa-9cx6-37pm-9jff, ghsa-9vqf-7f2p-gf9v, ghsa-c2c7-rcm5-vvqj, ghsa-crv5-9vww-q3g8, ghsa-f23m-r3pf-42rh, ghsa-f886-m6hf-6m8v, ghsa-fvcv-3m26-pcqx, ghsa-h7mw-gpvr-xq4m, ghsa-j3q9-mxjg-w52f, ghsa-jg4p-7fhp-p32p, ghsa-m7pr-hjqh-92cm, ghsa-p6xx-57qc-3wxr, ghsa-p77w-8qqv-26rm, ghsa-pf86-5x62-jrwf, ghsa-pmwg-cvhr-8vh7, ghsa-ppp5-5v6c-4jwp, ghsa-q3j6-qgpj-74h6, ghsa-q5qw-h33p-qvwr, ghsa-q67f-28xg-22rw, ghsa-q8qp-cvcw-x6jj, ghsa-qj8w-gfj5-8c6v, ghsa-qp7p-654g-cw7p, ghsa-r4q5-vmmm-2653, ghsa-r5fr-rjxr-66jc, ghsa-r5rp-j6wh-rvv4, ghsa-v2v4-37r5-5v8g, ghsa-v39h-62p7-jpjc, ghsa-v8w9-8mx6-g223, ghsa-v9jr-rg53-9pgp, ghsa-vf2m-468p-8v99, ghsa-w9j2-pvgh-6h63, ghsa-wc8c-qw6v-h7f6, ghsa-wmmm-f939-6g9c, ghsa-xf4j-xp2r-rqqx, ghsa-xhjh-pmcv-23jw, ghsa-xhpv-hc6g-r9c6, ghsa-xjpj-3mr7-gcpf, ghsa-xpcf-pg52-r92g, ghsa-xx6v-rp6x-q39c applied in versions: 2.19.5-r0",
"upstream": [
"CVE-2025-62718",
"CVE-2025-69873",
"CVE-2026-29045",
"CVE-2026-29085",
"CVE-2026-29086",
"CVE-2026-29087",
"CVE-2026-2950",
"CVE-2026-30827",
"CVE-2026-33750",
"CVE-2026-33891",
"CVE-2026-33894",
"CVE-2026-33895",
"CVE-2026-33896",
"CVE-2026-33916",
"CVE-2026-33937",
"CVE-2026-34043",
"CVE-2026-35213",
"CVE-2026-39406",
"CVE-2026-39407",
"CVE-2026-39408",
"CVE-2026-39409",
"CVE-2026-39410",
"CVE-2026-40175",
"CVE-2026-41238",
"CVE-2026-41239",
"CVE-2026-41240",
"CVE-2026-42033",
"CVE-2026-42034",
"CVE-2026-42035",
"CVE-2026-42036",
"CVE-2026-42037",
"CVE-2026-42038",
"CVE-2026-42039",
"CVE-2026-42040",
"CVE-2026-42041",
"CVE-2026-42042",
"CVE-2026-42043",
"CVE-2026-42044",
"CVE-2026-42264",
"CVE-2026-42338",
"CVE-2026-44455",
"CVE-2026-44456",
"CVE-2026-44457",
"CVE-2026-44458",
"CVE-2026-44459",
"CVE-2026-4800",
"CVE-2026-4923",
"CVE-2026-4926",
"CVE-2026-6321",
"CVE-2026-6322",
"ghsa-2328-f5f3-gj25",
"ghsa-26pp-8wgv-hjvm",
"ghsa-27v5-c462-wpq7",
"ghsa-2g4f-4pwh-qvx6",
"ghsa-2qvq-rjwj-gvw9",
"ghsa-2w6w-674q-4c4q",
"ghsa-39q2-94rc-95cp",
"ghsa-3mfm-83xf-c92r",
"ghsa-3p68-rc4w-qgx5",
"ghsa-3v7f-55p6-f55p",
"ghsa-3w6x-2g7m-8v23",
"ghsa-442j-39wm-28r2",
"ghsa-445q-vr5w-6q77",
"ghsa-458j-xx4x-4375",
"ghsa-46wh-pxpv-q5gq",
"ghsa-5c6j-r48x-rmvq",
"ghsa-5c9x-8gcm-mpgx",
"ghsa-5m6q-g25r-mvwx",
"ghsa-5pq2-9x2x-5p6w",
"ghsa-62hf-57xw-28j9",
"ghsa-69xw-7hcm-h432",
"ghsa-6chq-wfr3-2hj9",
"ghsa-7rx3-28cr-v5wh",
"ghsa-92pp-h63x-v22m",
"ghsa-9cx6-37pm-9jff",
"ghsa-9vqf-7f2p-gf9v",
"ghsa-c2c7-rcm5-vvqj",
"ghsa-crv5-9vww-q3g8",
"ghsa-f23m-r3pf-42rh",
"ghsa-f886-m6hf-6m8v",
"ghsa-fvcv-3m26-pcqx",
"ghsa-h7mw-gpvr-xq4m",
"ghsa-j3q9-mxjg-w52f",
"ghsa-jg4p-7fhp-p32p",
"ghsa-m7pr-hjqh-92cm",
"ghsa-p6xx-57qc-3wxr",
"ghsa-p77w-8qqv-26rm",
"ghsa-pf86-5x62-jrwf",
"ghsa-pmwg-cvhr-8vh7",
"ghsa-ppp5-5v6c-4jwp",
"ghsa-q3j6-qgpj-74h6",
"ghsa-q5qw-h33p-qvwr",
"ghsa-q67f-28xg-22rw",
"ghsa-q8qp-cvcw-x6jj",
"ghsa-qj8w-gfj5-8c6v",
"ghsa-qp7p-654g-cw7p",
"ghsa-r4q5-vmmm-2653",
"ghsa-r5fr-rjxr-66jc",
"ghsa-r5rp-j6wh-rvv4",
"ghsa-v2v4-37r5-5v8g",
"ghsa-v39h-62p7-jpjc",
"ghsa-v8w9-8mx6-g223",
"ghsa-v9jr-rg53-9pgp",
"ghsa-vf2m-468p-8v99",
"ghsa-w9j2-pvgh-6h63",
"ghsa-wc8c-qw6v-h7f6",
"ghsa-wmmm-f939-6g9c",
"ghsa-xf4j-xp2r-rqqx",
"ghsa-xhjh-pmcv-23jw",
"ghsa-xhpv-hc6g-r9c6",
"ghsa-xjpj-3mr7-gcpf",
"ghsa-xpcf-pg52-r92g",
"ghsa-xx6v-rp6x-q39c"
]
}
FKIE_CVE-2026-29086
Vulnerability from fkie_nvd - Published: 2026-03-04 23:16 - Updated: 2026-06-17 10:29
Severity
Summary
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, the setCookie() utility did not validate semicolons (;), carriage returns (\r), or newline characters (\n) in the domain and path options when constructing the Set-Cookie header. Because cookie attributes are delimited by semicolons, this could allow injection of additional cookie attributes if untrusted input was passed into these fields. This issue has been patched in version 4.12.4.
References
{
"affected": [
{
"affectedData": [
{
"product": "hono",
"vendor": "honojs",
"versions": [
{
"status": "affected",
"version": "\u003c 4.12.4"
}
]
}
],
"source": "security-advisories@github.com"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hono:hono:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "8ADA9966-4575-41CC-8905-E1F4E4CB5CA6",
"versionEndExcluding": "4.12.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, the setCookie() utility did not validate semicolons (;), carriage returns (\\r), or newline characters (\\n) in the domain and path options when constructing the Set-Cookie header. Because cookie attributes are delimited by semicolons, this could allow injection of additional cookie attributes if untrusted input was passed into these fields. This issue has been patched in version 4.12.4."
},
{
"lang": "es",
"value": "Hono es un framework de aplicaci\u00f3n web que proporciona soporte para cualquier entorno de ejecuci\u00f3n de JavaScript. Antes de la versi\u00f3n 4.12.4, la utilidad setCookie() no validaba los puntos y coma (;), los retornos de carro (\\r) o los caracteres de nueva l\u00ednea (\\n) en las opciones de dominio y ruta al construir la cabecera Set-Cookie. Dado que los atributos de las cookies est\u00e1n delimitados por puntos y coma, esto podr\u00eda permitir la inyecci\u00f3n de atributos de cookie adicionales si se pasaba una entrada no confiable a estos campos. Este problema ha sido parcheado en la versi\u00f3n 4.12.4."
}
],
"id": "CVE-2026-29086",
"lastModified": "2026-06-17T10:29:34.577",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "security-advisories@github.com",
"type": "Secondary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2026-29086",
"options": [
{
"exploitation": "none"
},
{
"automatable": "no"
},
{
"technicalImpact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-05T15:29:14.844587Z",
"version": "2.0.3"
}
}
]
},
"published": "2026-03-04T23:16:10.593",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/honojs/hono/commit/44ae0c8cc4d5ab2bed529127a4ac72e1483ad073"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/honojs/hono/security/advisories/GHSA-5pq2-9x2x-5p6w"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1113"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-5PQ2-9X2X-5P6W
Vulnerability from github – Published: 2026-03-04 19:49 – Updated: 2026-03-05 15:26
VLAI
Summary
Hono Vulnerable to Cookie Attribute Injection via Unsanitized domain and path in setCookie()
Details
Summary
The setCookie() utility did not validate semicolons (;), carriage returns (\r), or newline characters (\n) in the domain and path options when constructing the Set-Cookie header.
Because cookie attributes are delimited by semicolons, this could allow injection of additional cookie attributes if untrusted input was passed into these fields.
Details
setCookie() builds the Set-Cookie header by concatenating option values. While the cookie value itself is URL-encoded, the domain and path options were previously interpolated without rejecting unsafe characters.
Including ;, \r, or \n in these fields could result in unintended additional attributes (such as SameSite, Secure, Domain, or Path) being appended to the cookie header.
Modern runtimes prevent full header injection via CRLF, so this issue is limited to attribute-level manipulation within a single Set-Cookie header.
The issue has been fixed by rejecting these characters in the domain and path options.
Impact
An attacker may be able to manipulate cookie attributes if an application passes user-controlled input directly into the domain or path options of setCookie().
This could affect cookie scoping or security attributes depending on browser behavior. Exploitation requires application-level misuse of cookie options.
Severity
5.4 (Medium)
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "hono"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.12.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-29086"
],
"database_specific": {
"cwe_ids": [
"CWE-1113",
"CWE-113"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-04T19:49:14Z",
"nvd_published_at": "2026-03-04T23:16:10Z",
"severity": "MODERATE"
},
"details": "## Summary\n\nThe `setCookie()` utility did not validate semicolons (`;`), carriage returns (`\\r`), or newline characters (`\\n`) in the `domain` and `path` options when constructing the `Set-Cookie` header.\n\nBecause cookie attributes are delimited by semicolons, this could allow injection of additional cookie attributes if untrusted input was passed into these fields.\n\n## Details\n\n`setCookie()` builds the `Set-Cookie` header by concatenating option values. While the cookie value itself is URL-encoded, the `domain` and `path` options were previously interpolated without rejecting unsafe characters.\n\nIncluding `;`, `\\r`, or `\\n` in these fields could result in unintended additional attributes (such as `SameSite`, `Secure`, `Domain`, or `Path`) being appended to the cookie header.\n\nModern runtimes prevent full header injection via CRLF, so this issue is limited to attribute-level manipulation within a single `Set-Cookie` header.\n\nThe issue has been fixed by rejecting these characters in the `domain` and `path` options.\n\n## Impact\n\nAn attacker may be able to manipulate cookie attributes if an application passes user-controlled input directly into the `domain` or `path` options of `setCookie()`.\n\nThis could affect cookie scoping or security attributes depending on browser behavior. Exploitation requires application-level misuse of cookie options.",
"id": "GHSA-5pq2-9x2x-5p6w",
"modified": "2026-03-05T15:26:43Z",
"published": "2026-03-04T19:49:14Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/honojs/hono/security/advisories/GHSA-5pq2-9x2x-5p6w"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29086"
},
{
"type": "WEB",
"url": "https://github.com/honojs/hono/commit/44ae0c8cc4d5ab2bed529127a4ac72e1483ad073"
},
{
"type": "PACKAGE",
"url": "https://github.com/honojs/hono"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Hono Vulnerable to Cookie Attribute Injection via Unsanitized domain and path in setCookie()"
}
WID-SEC-W-2026-0933
Vulnerability from csaf_certbund - Published: 2026-03-30 22:00 - Updated: 2026-05-31 22:00Summary
IBM App Connect Enterprise (Hono und Undici): Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: IBM App Connect Enterprise kombiniert die branchenbewährten Technologien des IBM Integration Bus mit Cloud-nativen Technologien.
Angriff: Ein Angreifer kann mehrere Schwachstellen in IBM App Connect Enterprise ausnutzen, um Sicherheitsvorkehrungen zu umgehen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen oder andere nicht näher bezeichnete Angriffe durchzuführen.
Betroffene Betriebssysteme: - Sonstiges
- UNIX
- Windows
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise Certified Container Operator <12.0.24
IBM / App Connect Enterprise
|
Certified Container Operator <12.0.24 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
IBM App Connect Enterprise <13.2.0
IBM / App Connect Enterprise
|
<13.2.0 | ||
|
IBM App Connect Enterprise <13.0.7.0
IBM / App Connect Enterprise
|
<13.0.7.0 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise Certified Container Operator <12.0.24
IBM / App Connect Enterprise
|
Certified Container Operator <12.0.24 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
IBM App Connect Enterprise <13.2.0
IBM / App Connect Enterprise
|
<13.2.0 | ||
|
IBM App Connect Enterprise <13.0.7.0
IBM / App Connect Enterprise
|
<13.0.7.0 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise Certified Container Operator <12.0.24
IBM / App Connect Enterprise
|
Certified Container Operator <12.0.24 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
IBM App Connect Enterprise <13.2.0
IBM / App Connect Enterprise
|
<13.2.0 | ||
|
IBM App Connect Enterprise <13.0.7.0
IBM / App Connect Enterprise
|
<13.0.7.0 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise Certified Container Operator <12.0.24
IBM / App Connect Enterprise
|
Certified Container Operator <12.0.24 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
IBM App Connect Enterprise <13.2.0
IBM / App Connect Enterprise
|
<13.2.0 | ||
|
IBM App Connect Enterprise <13.0.7.0
IBM / App Connect Enterprise
|
<13.0.7.0 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise Certified Container Operator <12.0.24
IBM / App Connect Enterprise
|
Certified Container Operator <12.0.24 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
IBM App Connect Enterprise <13.2.0
IBM / App Connect Enterprise
|
<13.2.0 | ||
|
IBM App Connect Enterprise <13.0.7.0
IBM / App Connect Enterprise
|
<13.0.7.0 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise Certified Container Operator <12.0.24
IBM / App Connect Enterprise
|
Certified Container Operator <12.0.24 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
IBM App Connect Enterprise <13.2.0
IBM / App Connect Enterprise
|
<13.2.0 | ||
|
IBM App Connect Enterprise <13.0.7.0
IBM / App Connect Enterprise
|
<13.0.7.0 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise Certified Container Operator <12.0.24
IBM / App Connect Enterprise
|
Certified Container Operator <12.0.24 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
IBM App Connect Enterprise <13.2.0
IBM / App Connect Enterprise
|
<13.2.0 | ||
|
IBM App Connect Enterprise <13.0.7.0
IBM / App Connect Enterprise
|
<13.0.7.0 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise Certified Container Operator <12.0.24
IBM / App Connect Enterprise
|
Certified Container Operator <12.0.24 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
IBM App Connect Enterprise <13.2.0
IBM / App Connect Enterprise
|
<13.2.0 | ||
|
IBM App Connect Enterprise <13.0.7.0
IBM / App Connect Enterprise
|
<13.0.7.0 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise Certified Container Operator <12.0.24
IBM / App Connect Enterprise
|
Certified Container Operator <12.0.24 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
IBM App Connect Enterprise <13.2.0
IBM / App Connect Enterprise
|
<13.2.0 | ||
|
IBM App Connect Enterprise <13.0.7.0
IBM / App Connect Enterprise
|
<13.0.7.0 |
References
6 references
| URL | Category |
|---|---|
| https://wid.cert-bund.de/.well-known/csaf/white/2… | self |
| https://wid.cert-bund.de/portal/wid/securityadvis… | self |
| https://www.ibm.com/support/pages/node/7268023 | external |
| https://www.ibm.com/support/pages/node/7268166 | external |
| https://access.redhat.com/errata/RHSA-2026:7670 | external |
| https://www.ibm.com/support/pages/node/7274684 | external |
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM App Connect Enterprise kombiniert die branchenbew\u00e4hrten Technologien des IBM Integration Bus mit Cloud-nativen Technologien.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in IBM App Connect Enterprise ausnutzen, um Sicherheitsvorkehrungen zu umgehen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren oder andere nicht n\u00e4her bezeichnete Angriffe durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-0933 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0933.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-0933 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0933"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7268023 vom 2026-03-30",
"url": "https://www.ibm.com/support/pages/node/7268023"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7268166 vom 2026-03-31",
"url": "https://www.ibm.com/support/pages/node/7268166"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:7670 vom 2026-04-13",
"url": "https://access.redhat.com/errata/RHSA-2026:7670"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7274684 vom 2026-06-01",
"url": "https://www.ibm.com/support/pages/node/7274684"
}
],
"source_lang": "en-US",
"title": "IBM App Connect Enterprise (Hono und Undici): Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-05-31T22:00:00.000+00:00",
"generator": {
"date": "2026-06-01T10:32:27.102+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.6.0"
}
},
"id": "WID-SEC-W-2026-0933",
"initial_release_date": "2026-03-30T22:00:00.000+00:00",
"revision_history": [
{
"date": "2026-03-30T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-03-31T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2026-04-12T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-05-31T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "IBM App Connect Enterprise",
"product": {
"name": "IBM App Connect Enterprise",
"product_id": "T051349",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:-"
}
}
},
{
"category": "product_version_range",
"name": "\u003c13.0.7.0",
"product": {
"name": "IBM App Connect Enterprise \u003c13.0.7.0",
"product_id": "T052310"
}
},
{
"category": "product_version",
"name": "13.0.7.0",
"product": {
"name": "IBM App Connect Enterprise 13.0.7.0",
"product_id": "T052310-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:13.0.7.0"
}
}
},
{
"category": "product_version_range",
"name": "\u003c13.2.0",
"product": {
"name": "IBM App Connect Enterprise \u003c13.2.0",
"product_id": "T054915"
}
},
{
"category": "product_version",
"name": "13.2.0",
"product": {
"name": "IBM App Connect Enterprise 13.2.0",
"product_id": "T054915-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:13.2.0"
}
}
},
{
"category": "product_version_range",
"name": "Certified Container Operator \u003c12.0.24",
"product": {
"name": "IBM App Connect Enterprise Certified Container Operator \u003c12.0.24",
"product_id": "T054916"
}
},
{
"category": "product_version",
"name": "Certified Container Operator 12.0.24",
"product": {
"name": "IBM App Connect Enterprise Certified Container Operator 12.0.24",
"product_id": "T054916-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:certified_container_operator__12.0.24"
}
}
}
],
"category": "product_name",
"name": "App Connect Enterprise"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-1525",
"product_status": {
"known_affected": [
"T054916",
"67646",
"T051349",
"T054915",
"T052310"
]
},
"release_date": "2026-03-30T22:00:00.000+00:00",
"title": "CVE-2026-1525"
},
{
"cve": "CVE-2026-1526",
"product_status": {
"known_affected": [
"T054916",
"67646",
"T051349",
"T054915",
"T052310"
]
},
"release_date": "2026-03-30T22:00:00.000+00:00",
"title": "CVE-2026-1526"
},
{
"cve": "CVE-2026-1528",
"product_status": {
"known_affected": [
"T054916",
"67646",
"T051349",
"T054915",
"T052310"
]
},
"release_date": "2026-03-30T22:00:00.000+00:00",
"title": "CVE-2026-1528"
},
{
"cve": "CVE-2026-2229",
"product_status": {
"known_affected": [
"T054916",
"67646",
"T051349",
"T054915",
"T052310"
]
},
"release_date": "2026-03-30T22:00:00.000+00:00",
"title": "CVE-2026-2229"
},
{
"cve": "CVE-2026-2581",
"product_status": {
"known_affected": [
"T054916",
"67646",
"T051349",
"T054915",
"T052310"
]
},
"release_date": "2026-03-30T22:00:00.000+00:00",
"title": "CVE-2026-2581"
},
{
"cve": "CVE-2026-29045",
"product_status": {
"known_affected": [
"T054916",
"67646",
"T051349",
"T054915",
"T052310"
]
},
"release_date": "2026-03-30T22:00:00.000+00:00",
"title": "CVE-2026-29045"
},
{
"cve": "CVE-2026-29085",
"product_status": {
"known_affected": [
"T054916",
"67646",
"T051349",
"T054915",
"T052310"
]
},
"release_date": "2026-03-30T22:00:00.000+00:00",
"title": "CVE-2026-29085"
},
{
"cve": "CVE-2026-29086",
"product_status": {
"known_affected": [
"T054916",
"67646",
"T051349",
"T054915",
"T052310"
]
},
"release_date": "2026-03-30T22:00:00.000+00:00",
"title": "CVE-2026-29086"
},
{
"cve": "CVE-2026-1527",
"product_status": {
"known_affected": [
"T054916",
"67646",
"T051349",
"T054915",
"T052310"
]
},
"release_date": "2026-03-30T22:00:00.000+00:00",
"title": "CVE-2026-1527"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…