Hono Web Framework Serve Static Middleware Information Disclosure Vulnerability in Cloudflare Workers
Vulnerability
A vulnerability allowing information disclosure has been identified in the Hono web application framework, specifically in versions prior to 4.11.7. The issue resides in the Serve Static Middleware for the Cloudflare Workers adapter, where improper validation of user-controlled paths can lead to unauthorized access to internal asset keys. This vulnerability allows attackers to read arbitrary keys from the Workers environment, potentially disclosing sensitive information.
Impact
Exploitation of this vulnerability could result in unauthorized access to internal asset keys stored in the Workers environment. Attackers can read data but cannot modify it or execute arbitrary code.
Remediation
Users are advised to upgrade to Hono version 4.11.7, which addresses this vulnerability.
