SentinelOne
CVE Vulnerability Database

CVE-2026-24472: Hono Cache Information Disclosure Flaw

CVE-2026-24472 is an information disclosure vulnerability in Hono's Cache Middleware that exposes private data through improper cache control handling. This article covers technical details, affected versions, and mitigation.

Published: January 30, 2026

CVE-2026-24472 Overview

CVE-2026-24472 is an information disclosure vulnerability in Hono, a lightweight web application framework built on Web Standards that runs on any JavaScript runtime (Cloudflare Workers, Deno, Bun, Node.js and others). The flaw is in the Cache Middleware (imported from hono/cache), which stores responses in the runtime's Cache API and serves them to later requests for the same resource. Affected versions store a response without honoring its Cache-Control directives: a response marked Cache-Control: private or Cache-Control: no-store is cached anyway, so a response generated for one authenticated user can be served from the cache to any other client that requests the same URL.

This vulnerability is classified under CWE-524 (Use of Cache Containing Sensitive Information), as the caching mechanism stores sensitive data that should not be persisted or shared across user sessions.

Impact

Private or authenticated responses may be cached and served to other clients, leaking whatever the response body carried: account details, personal information, or tokens and identifiers returned in the body. The severity is rated MEDIUM (CVSS 5.3) because only confidentiality is affected and the exposure is limited to data that happened to be cached.

Affected Products

  • Hono versions prior to 4.11.7
  • Applications that mount Hono's Cache Middleware (imported from hono/cache); routes without it are not exposed by this flaw
  • Any JavaScript runtime on which such an application runs, since the defect is in Hono's middleware rather than in the runtime's cache implementation

Discovery Timeline

  • 2026-01-27 - CVE-2026-24472 published to NVD
  • 2026-01-29 - Last updated in NVD database

Technical Details for CVE-2026-24472

Vulnerability Analysis

The vulnerability stems from the Cache Middleware's failure to interpret and honor HTTP cache control directives on the responses it stores. Under HTTP caching semantics (RFC 9111), Cache-Control: private means the response is intended for a single user and must not be stored by a shared cache, and Cache-Control: no-store means no cache may store it at all. The Cache Middleware, which persists responses in the runtime's Cache API and serves them to every client of the application, is a shared cache and is bound by both rules.

In affected versions of Hono, the Cache Middleware ignores these directives and stores responses indiscriminately. An authenticated or user-specific response can therefore be stored and later served to a different user who requests the same resource, effectively bypassing authentication and authorization controls at the caching layer: the cached copy is returned before the application's handler, and any checks it performs, ever runs.

The attack can be performed over the network without authentication, so any client that can reach the vulnerable application can trigger it. Its impact is limited to confidentiality (the CVSS vector is C:L/I:N/A:N): an attacker cannot modify cached content or disrupt the service through this flaw, only read whatever was cached.

Root Cause

The root cause of CVE-2026-24472 is improper validation and handling of HTTP cache control headers within Hono's Cache Middleware. The middleware implementation did not include logic to parse and respect the Cache-Control header values that indicate a response should not be cached or should only be stored in private caches. This oversight allowed all responses to be cached regardless of the explicit caching instructions provided by the application.

Attack Vector

The attack vector is network-based and requires no privileges or user interaction. The exposure unfolds as follows:

  1. An authenticated user requests a protected endpoint that returns user-specific data with Cache-Control: private or Cache-Control: no-store
  2. The vulnerable Cache Middleware ignores these directives and stores the response under the request's cache key (by default the URL)
  3. An unauthenticated attacker, or simply another logged-in user, requests the same URL before the entry expires
  4. The cached response containing the first user's data is served to that second client, without the application's handler or its authorization checks running

No special technique is required: the second request looks like ordinary traffic. Two preconditions apply: the Cache Middleware must be mounted on the affected route, and the two requests must resolve to the same cache key. See the GitHub Security Advisory GHSA-6wqw-2p9w-4vw4 for the maintainers' description of the vulnerability and its fix.

Detection Methods for CVE-2026-24472

Indicators of Compromise

  • Unexpected cache hits for authenticated or user-specific endpoints that should not be cached
  • User reports of seeing other users' data or session information
  • Cache entries containing sensitive data with Cache-Control: private or Cache-Control: no-store in the original response headers
  • Anomalous patterns in application logs showing cached responses served for authenticated endpoints

Detection Strategies

  • Review application dependencies and verify that every installed copy of Hono (including copies nested under other packages) is 4.11.7 or later
  • Audit where the Cache Middleware is mounted and which routes it covers; compare that list against the routes that return authenticated or user-specific data
  • Implement monitoring for cache hit ratios on authenticated endpoints that should not be cached; any hit at all on such an endpoint is a finding
  • Test in staging: have two distinct authenticated users request a personalized endpoint whose response carries Cache-Control: private or no-store, and confirm the second user never receives the first user's body (the relevant header is on the response, not the request)
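One way to carry out the first strategy across a whole install tree, as an added example rather than SentinelOne or Hono tooling: scan an npm package-lock.json for every copy of hono, including transitive copies nested under other packages, and report any below 4.11.7. The sample lockfile is constructed for the demonstration; in a lockfile v2/v3 file installed packages are keyed by install path under packages, while a v1 file nests them under dependencies.

```javascript
// Added example, not SentinelOne or Hono tooling: report every copy of hono
// in an npm package-lock.json that is older than the patched release.
// Handles lockfile v2/v3 ("packages" keyed by install path) and v1
// ("dependencies" nested tree). SAMPLE_LOCK is constructed for the demo.

const PATCHED_HONO = '4.11.7';

// Numeric major.minor.patch comparison; pre-release/build suffixes are
// dropped, so "4.11.7-rc.1" compares equal to 4.11.7 (adequate here, since
// the fix shipped as a final release).
function compareVersions(a, b) {
  const pa = a.split(/[-+]/)[0].split('.').map(Number);
  const pb = b.split(/[-+]/)[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Return [{ path, version }] for every installed copy of `name`.
function findPackage(lock, name) {
  const found = [];
  if (lock.packages) {
    // v2/v3: keys look like "node_modules/hono" or
    // "node_modules/some-plugin/node_modules/hono" for nested copies.
    for (const [p, entry] of Object.entries(lock.packages)) {
      if (p === `node_modules/${name}` || p.endsWith(`/node_modules/${name}`)) {
        found.push({ path: p, version: entry.version });
      }
    }
  } else if (lock.dependencies) {
    // v1: each dependency may carry its own nested "dependencies" object.
    const walk = (deps, prefix) => {
      for (const [dep, entry] of Object.entries(deps)) {
        const p = `${prefix}node_modules/${dep}`;
        if (dep === name) found.push({ path: p, version: entry.version });
        if (entry.dependencies) walk(entry.dependencies, `${p}/`);
      }
    };
    walk(lock.dependencies, '');
  }
  return found;
}

// Copies of hono older than the patched release.
function vulnerableHono(lock) {
  return findPackage(lock, 'hono').filter((e) => compareVersions(e.version, PATCHED_HONO) < 0);
}

// Constructed sample (v3 shape): the app's direct hono is patched, but a
// plugin pulls in its own nested, unpatched copy.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'app', dependencies: { hono: '^4.11.7', 'some-plugin': '^1.0.0' } },
    'node_modules/hono': { version: '4.11.7' },
    'node_modules/some-plugin': { version: '1.0.0', dependencies: { hono: '4.11.6' } },
    'node_modules/some-plugin/node_modules/hono': { version: '4.11.6' },
  },
};

// On a real project: vulnerableHono(JSON.parse(fs.readFileSync('package-lock.json', 'utf8')))
console.log(vulnerableHono(SAMPLE_LOCK));
```

The nested copy is the case a quick `npm list hono` at the top level is easy to misread: the direct dependency is fine, yet a second, unpatched hono is still installed and is the one the plugin's code imports.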

Monitoring Recommendations

  • Enable detailed logging for cache operations including cache keys, hit/miss status, and response headers
  • Monitor for unusual patterns where multiple users receive identical responses for personalized endpoints
  • Set up alerts for cache entries that contain authentication tokens or user-specific identifiers
  • Implement periodic security scans to detect vulnerable dependency versions
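The second recommendation as a concrete detection, added here and not a SentinelOne or Hono feature: given access-log records that carry the requesting user, the path, the cache result and a hash of the response body, flag any personalized endpoint where one body hash was served to more than one distinct user. The log format, the field names and the list of personalized route prefixes are assumptions, and the log lines are constructed for the example.

```javascript
// Added example, not a SentinelOne or Hono feature: flag personalized
// endpoints whose identical response body (by hash) reached more than one
// user. Field names (user, path, status, cache, body_sha256) and the log
// lines themselves are assumptions constructed for this demonstration.

const LOG_LINES = [
  '{"ts":"2026-01-30T10:00:01Z","user":"alice","method":"GET","path":"/api/me","status":200,"cache":"MISS","body_sha256":"aaa1"}',
  '{"ts":"2026-01-30T10:00:05Z","user":"bob","method":"GET","path":"/api/me","status":200,"cache":"HIT","body_sha256":"aaa1"}',
  '{"ts":"2026-01-30T10:00:09Z","user":"carol","method":"GET","path":"/api/me","status":200,"cache":"HIT","body_sha256":"aaa1"}',
  '{"ts":"2026-01-30T10:01:00Z","user":"alice","method":"GET","path":"/api/public/news","status":200,"cache":"MISS","body_sha256":"bbb2"}',
  '{"ts":"2026-01-30T10:01:03Z","user":"bob","method":"GET","path":"/api/public/news","status":200,"cache":"HIT","body_sha256":"bbb2"}',
  '{"ts":"2026-01-30T10:02:00Z","user":"dave","method":"GET","path":"/api/orders","status":200,"cache":"MISS","body_sha256":"ccc3"}',
  '{"ts":"2026-01-30T10:02:01Z","user":"erin","method":"GET","path":"/api/orders","status":200,"cache":"MISS","body_sha256":"ddd4"}',
];

// Route prefixes that must never yield the same body to two different users.
const PERSONALIZED_PREFIXES = ['/api/me', '/api/orders'];

function isPersonalized(path) {
  return PERSONALIZED_PREFIXES.some((p) => path === p || path.startsWith(p + '/'));
}

// Group successful GETs on personalized routes by (path, body hash) and
// report every group that was served to more than one distinct user.
function findSharedPersonalizedResponses(lines) {
  const groups = new Map();
  for (const line of lines) {
    const rec = JSON.parse(line);
    if (rec.method !== 'GET' || rec.status !== 200 || !isPersonalized(rec.path)) continue;
    const key = `${rec.path}\t${rec.body_sha256}`;
    if (!groups.has(key)) {
      groups.set(key, { path: rec.path, bodySha256: rec.body_sha256, users: new Set(), cacheHits: 0 });
    }
    const g = groups.get(key);
    g.users.add(rec.user);
    if (rec.cache === 'HIT') g.cacheHits++;
  }
  return [...groups.values()]
    .filter((g) => g.users.size > 1)
    .map((g) => ({
      path: g.path,
      bodySha256: g.bodySha256,
      users: [...g.users].sort(),
      cacheHits: g.cacheHits,
    }));
}

console.log(findSharedPersonalizedResponses(LOG_LINES));
```

Public routes are excluded on purpose, since identical bodies there are expected; /api/orders produces two different hashes for two users and is therefore not reported. The cacheHits count on a finding tells you whether the duplication came through the cache or from the handler itself.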

How to Mitigate CVE-2026-24472

Immediate Actions Required

  • Upgrade Hono to version 4.11.7 or later immediately
  • Purge the store the middleware writes to (the named Cache API cache it was configured with); upgrading stops new private responses from being stored but does not evict entries cached before the upgrade, which remain servable until they expire
  • Audit endpoints that handle authenticated or user-specific data to ensure they set Cache-Control: private or no-store; the fix only helps responses that actually carry the directive
  • If the patch cannot be applied right away, disable the Cache Middleware on sensitive routes until it can

Patch Information

The vulnerability has been addressed in Hono version 4.11.7. The fix ensures that the Cache Middleware properly respects HTTP cache control directives including Cache-Control: private and Cache-Control: no-store.

For patch details, see the GitHub commit 12c5117.

To update, run the appropriate command for your package manager. Note that npm update, yarn upgrade and pnpm update only move within the range declared in package.json; any ^4.x or ~4.11.x range includes 4.11.7, but an exactly pinned older version must be bumped explicitly.

```bash
# npm
npm update hono

# yarn
yarn upgrade hono

# pnpm
pnpm update hono
```

To confirm which version is actually installed and to pin the patched release explicitly:

```bash
# Verify your Hono version (lists every installed copy, including nested ones)
npm list hono

# Force upgrade to the patched version
npm install hono@4.11.7 --save
```

Workarounds

If upgrading is not immediately possible:

  • Disable the Cache Middleware for routes that serve authenticated or user-specific data; it is mounted per route or route group, so it can stay in place for genuinely public content
  • Implement a custom caching layer that checks the response's Cache-Control for private and no-store before storing anything
  • Add a middleware ahead of the Cache Middleware that keeps sensitive routes out of the cached path, for example by serving them from a separate sub-app that has no cache middleware mounted; base the decision on the route or the response, not on the request's headers
  • Use edge caching solutions that properly implement HTTP cache control semantics, and keep the application-level cache off sensitive routes
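The sequence in the Attack Vector section and the pre-cache gating suggested under Workarounds, as an added example that is not code from the Hono project or from this page: a URL-keyed cache middleware written in Hono's (c, next) middleware shape, backed by a Map rather than the Cache API and driven through simplified synchronous stand-ins for Hono's context, so it runs offline. With respectDirectives set to false it reproduces the flawed behaviour (Bob receives Alice's private response from the cache); with it set to true the check a hardened cache or a gating middleware would apply, shouldStoreInSharedCache, keeps the private response out of the shared store. The context field names, the endpoint URL and the per-user payload are assumptions for the demonstration.

```javascript
// Added example, not code from the Hono project or from SentinelOne: a
// URL-keyed cache middleware in Hono's (c, next) middleware shape, backed by
// a Map instead of the Cache API, with synchronous stand-ins for Hono's
// context (c.req.method, c.req.url, c.res) so it runs offline.

// Parse a Cache-Control value into a Map of lower-cased directive -> value
// (true for valueless directives such as "private" or "no-store").
function parseCacheControl(value) {
  const directives = new Map();
  if (!value) return directives;
  for (const part of value.split(',')) {
    const eq = part.indexOf('=');
    const name = (eq === -1 ? part : part.slice(0, eq)).trim().toLowerCase();
    if (!name) continue;
    const val = eq === -1 ? true : part.slice(eq + 1).trim().replace(/^"(.*)"$/, '$1');
    directives.set(name, val);
  }
  return directives;
}

// A cache shared by all clients of an application must not store a response
// marked private or no-store (RFC 9111). A response that sets a cookie is
// treated as per-user as well.
function shouldStoreInSharedCache(res) {
  const cc = parseCacheControl(res.headers.get('cache-control'));
  if (cc.has('no-store') || cc.has('private')) return false;
  if (res.headers.has('set-cookie')) return false;
  return true;
}

// respectDirectives=false reproduces the flawed behaviour described above:
// every successful GET is stored under its URL. respectDirectives=true gates
// storage on shouldStoreInSharedCache, which is the hardened form.
function makeCacheMiddleware(store, { respectDirectives }) {
  return (c, next) => {
    if (c.req.method !== 'GET') { next(); return; }
    const key = c.req.url;                        // one key for every user of this URL
    const hit = store.get(key);
    if (hit) { c.res = { ...hit, fromCache: true }; return; }   // handler never runs
    next();
    if (!c.res || c.res.status !== 200) return;
    if (respectDirectives && !shouldStoreInSharedCache(c.res)) return;
    store.set(key, c.res);
  };
}

// Constructed scenario: a protected endpoint returns per-user data marked
// Cache-Control: private. Alice requests it first, then Bob requests the same URL.
function runScenario(respectDirectives) {
  const store = new Map();
  const cache = makeCacheMiddleware(store, { respectDirectives });
  const handler = (c) => {
    c.res = {
      status: 200,
      headers: new Headers({ 'cache-control': 'private, max-age=60' }),
      body: `account balance for ${c.user}`,
      fromCache: false,
    };
  };
  const request = (user) => {
    const c = { req: { method: 'GET', url: 'https://app.example/api/me' }, user, res: null };
    cache(c, () => handler(c));
    return c.res;
  };
  const alice = request('alice');
  const bob = request('bob');
  return { aliceBody: alice.body, bobBody: bob.body, bobServedFromCache: bob.fromCache };
}

console.log('flawed:  ', runScenario(false));   // Bob receives Alice's body from the cache
console.log('hardened:', runScenario(true));    // Bob receives his own body; nothing was stored
```

In the flawed run Bob's request never reaches the handler, so any authorization check inside it is skipped along with it; that is the "bypass at the caching layer" the Technical Details section describes. Note that the decision is made on the response's own headers after next() returns, which is the only point at which a cache can know whether the handler marked the result private.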

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Vulnerability Details

  • Type: Information Disclosure
  • Vendor/Tech: Hono
  • Severity: MEDIUM
  • CVSS Score: 5.3
  • EPSS Probability: 0.01%
  • Known Exploited: No
  • CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Impact Assessment

  • Confidentiality: Low
  • Integrity: None
  • Availability: None

CWE References

  • CWE-524: Use of Cache Containing Sensitive Information

Technical References

  • GitHub commit 12c5117 (fix)
  • GitHub Release v4.11.7
  • GitHub Security Advisory GHSA-6wqw-2p9w-4vw4

Related CVEs

  • CVE-2026-24473: Hono Information Disclosure Vulnerability
  • CVE-2026-39410: Hono Framework Auth Bypass Vulnerability
  • CVE-2026-39408: Hono Framework Path Traversal Vulnerability
  • CVE-2026-39406: Hono Node.js Auth Bypass Vulnerability
©2026 SentinelOne, All Rights Reserved.
