By weakness (CWE)
CWE-444: related vulnerabilities
CVEs classified under CWE-444. Understanding the weakness class helps prioritize systemic fixes over one-off patches.
2 published vulnerabilities
- CVE-2026-47676MEDIUM 5.3
Hono, a JavaScript web framework, contains a path handling vulnerability in versions before 4.12.21 that affects how mounted sub-applications receive requests. When URLs contain percent-encoded characters (like %C3%A9 for é), the framework strips the mount prefix incorrectly, causing the sub-application to see a mangled path. This can lead to requests being routed to unintended endpoints or exposing sensitive information through path confusion.
- CVE-2026-44546LOW 3.7
Daphne, a popular ASGI server for Django applications, contains a header parsing vulnerability that allows attackers to inject additional HTTP headers into requests under specific conditions. The issue arises from a mismatch in how Daphne and the underlying WebSocket library (autobahn) interpret certain whitespace characters as line separators. By crafting requests with specific byte sequences in header values, an attacker can inject headers that the application receives, potentially leading to security bypasses depending on application logic. Daphne versions before 4.2.2 are affected. The vulnerability has a low CVSS score (3.7) and requires specific conditions to exploit, but organizations running affected versions should still apply the patch.