CVE-2026-56764
LOW
NVD
CVSS Score
3.7
Severity
LOW
Published
Jul 15, 2026
Vendor
unknown
Description
Hono before 4.11.10 contains a timing attack vulnerability in the basicAuth and bearerAuth middlewares due to non-constant-time string comparison in the timingSafeEqual function. Attackers can exploit early termination of string equality checks to infer valid credentials through precise timing measurements.