Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Wed, 15 Jul 2026 14:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 15 Jul 2026 12:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Hono before 4.11.10 contains a timing attack vulnerability in the basicAuth and bearerAuth middlewares due to non-constant-time string comparison in the timingSafeEqual function. Attackers can exploit early termination of string equality checks to infer valid credentials through precise timing measurements. | |
| Title | Hono - Timing Attack in basicAuth and bearerAuth Middleware | |
| First Time appeared |
Hono
Hono hono |
|
| Weaknesses | CWE-208 | |
| CPEs | cpe:2.3:a:hono:hono:*:*:*:*:*:node.js:*:* | |
| Vendors & Products |
Hono
Hono hono |
|
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-07-15T13:50:24.700Z
Reserved: 2026-06-22T21:55:17.942Z
Link: CVE-2026-56764
Updated: 2026-07-15T13:49:52.357Z
No data.
No data.
OpenCVE Enrichment
No data.