Stats Digest Feeds
โ† Back to all CVEs

CVE-2026-56764

LOW NVD
CVSS Score 3.7
Severity LOW
Published Jul 15, 2026
Vendor unknown

Description

Hono before 4.11.10 contains a timing attack vulnerability in the basicAuth and bearerAuth middlewares due to non-constant-time string comparison in the timingSafeEqual function. Attackers can exploit early termination of string equality checks to infer valid credentials through precise timing measurements.

References