Use of Cache Containing Sensitive Information

CVE-2026-44457

Medium

5.3/10

Summary

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.18, Cache Middleware does not skip caching for responses that declare per-user variance via `Vary: Authorization` or `Vary: Cookie`. As a result, a response cached for one authenticated user may be served to subsequent requests from different users. This vulnerability is fixed in 4.12.18.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: LOW
Availability Impact: NONE

CWE-524 - Use of Cache Containing Sensitive Information

The code uses a cache that contains sensitive information, but the cache can be read by an actor outside of the intended control sphere.

References

Advisory

Advisory Timeline

Published May 13, 2026

Use of Cache Containing Sensitive Information

CVE-2026-44457

Summary

CWE-524 - Use of Cache Containing Sensitive Information

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS