CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-56761

hono before 4.12.14 contains an html injection vulnerability in jsx server-side rendering that allows attackers to inject unintended html by using malformed attribute names. Attackers can craft specially crafted attribute keys containing characters like quotes or angle brackets to break html tag boundaries and inject arbitrary attributes or elements.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 7.1%

CVSS Severity

CVSS v3 Score 4.3

References

https://github.com/honojs/hono/security/advisories/GHSA-458j-xx4x-4375
https://www.vulncheck.com/advisories/hono-html-injection-via-improper-jsx-attribute-name-handling-in-ssr

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-56761

Products

Pricing

Contact Us