CVE-2026-39408

Description

Hono: Path traversal in toSSG() allows writing files outside the output directory

Predictions

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

References

• https://github.com/honojs/hono/security/advisories/GHSA-xf4j-xp2r-rqqx
• https://nvd.nist.gov/vuln/detail/CVE-2026-39408
• https://github.com/honojs/hono/commit/b470278920fffcfd6d76002755d6db53db827679
• https://github.com/honojs/hono
• https://github.com/honojs/hono/releases/tag/v4.12.12