All 4 CVE vulnerabilities found in node-server, with AI-generated Chinese analysis, references, and POCs.
Vendor: honojs
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-39406 | @hono/node-server has a middleware bypass via repeated slashes in serveStatic CWE-22 | 5.3 | Medium | 2026-04-08 |
| CVE-2026-29087 | @hono/node-server: Authorization bypass for protected static paths via encoded slashes in Serve Static Middleware CWE-863 | 7.5 | High | 2026-03-06 |
| CVE-2024-32652 | @hono/node-server contains Denial of Service risk when receiving Host header that cannot be parsed CWE-755 | 7.5 | High | 2024-04-19 |
| CVE-2024-23340 | @hono/node-server can't handle "double dots" in URL CWE-22 | 5.3 | Medium | 2024-01-22 |
All 4 known CVE vulnerabilities affecting node-server with full Chinese analysis, references, and POCs where available.