By weakness (CWE)
CWE-185: related vulnerabilities
CVEs classified under CWE-185. Understanding the weakness class helps prioritize systemic fixes over one-off patches.
1 published vulnerability
- CVE-2026-47674MEDIUM 5.3
Hono's IP-restriction middleware, a security component designed to enforce access control by allowing or denying traffic based on IP address rules, contains a flaw in how it compares incoming IP addresses against configured rules. The vulnerability exists because the middleware only performs partial normalization of IPv6 addresses before comparing them to stored rules. When an attacker sends a request using an alternative representation of an IPv6 address—such as compressed notation, explicit-zero forms, or IPv4-mapped hex notation—the middleware fails to recognize it as matching a rule, silently skipping the check. This allows traffic that should be blocked to pass through, or blocks traffic that should be allowed, depending on rule configuration. The flaw affects Hono versions prior to 4.12.21.