CVE-2026-54288

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, the Body Limit Middleware trusts the request's Content-Length header to decide whether a body is within the limit. On AWS Lambda API Gateway v1/v2, ALB, VPC Lattice, and Lambda@Edge the body is...

CVE-2026-54289 Hono: Lambda@Edge adapter keeps only the last value of a repeated request header, dropping the rest

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, on AWS Lambda@Edge, CloudFront delivers a request header that appears more than once as several separate entries. The adapter writes each value with Headers.set instead of Headers.append, so...

CVE-2026-54289

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, on AWS Lambda@Edge, CloudFront delivers a request header that appears more than once as several separate entries. The adapter writes each value with Headers.set instead of Headers.append, so...

hono: Lambda@Edge adapter keeps only the last value of a repeated request header, dropping the rest

Summary On AWS Lambda@Edge, CloudFront delivers a request header that appears more than once as several separate entries. The adapter writes each value with Headers.set instead of Headers.append, so every value overwrites the previous one and only the last reaches the application. Repeated reques...

NPM: hono: Lambda@Edge adapter keeps only the last value of a repeated request header, dropping the rest

NPM: hono: Lambda@Edge adapter keeps only the last value of a repeated request header, dropping the rest vulnerability discovered by ? in WordPress Npm hono versions 4.12.25...

PT-2026-49736

Summary On AWS Lambda@Edge, CloudFront delivers a request header that appears more than once as several separate entries. The adapter writes each value with Headers.set instead of Headers.append, so every value overwrites the previous one and only the last reaches the application. Repeated reques...

What’s New in InsightAppSec and tCell: Q1 2021 in Review

2021 is off and running! The big question on the corporate world’s mind is, of course, “What will work life look like at the end of 2021?” With vaccines rolling out around the world, another shift is set to take place around when and where people put in their hours. As offices slowly start to...

Rapid7 Announces Release of New tCell Amazon CloudFront Agent

Cloud-native approaches to building, hosting, and delivering web applications are growing rapidly. Content delivery networks CDNs such as Amazon CloudFront are on the rise, pushing content closer to end users to improve the performance of web applications. To protect web applications security tea...