MEDIUM
Hono
CVE published 2026-06-23
CVE-2026-56762
CVE-2026-56762 is a medium-severity vulnerability in Hono before 4.12.12. The vulnerability occurs because Hono does not validate cookie names on the write path in the setCookie(), serialize(), and serializeSigned() functions. This allows invalid characters, such as control characters (e.g., <br> or <n), when an application passes a user-controlled cookie name. The issue primarily affects correctness and [truncated]