Lucene search

18 matches found

GithubExploit
added 2026/02/22 6:54 p.m. | 130 views

exploit-notes

🎯 Pentest Playbook Index Welcome to the comprehensive penetra...

AI score 5.5
Exploits: 0

Vulnrichment
added 2026/01/27 7:34 p.m. | 3 views

CVE-2026-24472 Hono cache middleware ignores "Cache-Control: private" leading to Web Cache Deception

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, Cache Middleware contains an information disclosure vulnerability caused by improper handling of HTTP cache control directives. The middleware does not respect standard cache control...

CVSS 5.3 | AI score 5.9 | EPSS 0.00016
Exploits: 0 | References: 3

CVE
added 2026/01/27 7:34 p.m. | 15 views

CVE-2026-24472

CVE-2026-24472 affects Hono (web framework for JavaScript runtimes) through Cache Middleware prior to version 4.11.7, where HTTP cache control handling does not respect headers like Cache-Control: private or no-store, risking private/authenticated responses being cached and exposed. The issue is ...

CVSS 5.3 | AI score 5.9 | EPSS 0.00016
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2026/01/27 7:34 p.m. | 3 views

CVE-2026-24472 Hono cache middleware ignores "Cache-Control: private" leading to Web Cache Deception

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, Cache Middleware contains an information disclosure vulnerability caused by improper handling of HTTP cache control directives. The middleware does not respect standard cache control...

CVSS 5.3 | AI score 5.9 | EPSS 0.00016
Exploits: 0 | References: 5

Cvelist
added 2026/01/27 7:34 p.m. | 16 views

CVE-2026-24472 Hono cache middleware ignores "Cache-Control: private" leading to Web Cache Deception

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, Cache Middleware contains an information disclosure vulnerability caused by improper handling of HTTP cache control directives. The middleware does not respect standard cache control...

CVSS 5.3 | EPSS 0.00016
Exploits: 0 | References: 3

Github Security Blog
added 2026/01/27 7:4 p.m. | 5 views

Hono cache middleware ignores "Cache-Control: private" leading to Web Cache Deception

Summary Cache Middleware contains an information disclosure vulnerability caused by improper handling of HTTP cache control directives. The middleware does not respect standard cache control headers such as Cache-Control: private or Cache-Control: no-store, which may result in private or...

CVSS 5.3 | AI score 5.9 | EPSS 0.00016
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2026/01/27 7:4 p.m. | 2 views

GHSA-6WQW-2P9W-4VW4 Hono cache middleware ignores "Cache-Control: private" leading to Web Cache Deception

Summary Cache Middleware contains an information disclosure vulnerability caused by improper handling of HTTP cache control directives. The middleware does not respect standard cache control headers such as Cache-Control: private or Cache-Control: no-store, which may result in private or...

CVSS 5.3 | AI score 6 | EPSS 0.00016
Exploits: 0 | References: 5

Hacker One
added 2022/04/04 2:27 p.m. | 19 views

Algolia: Web Cache Deception vulnerability on algolia.com leads to personal information leakage

A web cache deception vulnerability was discovered on algolia.com, which could allow an attacker to trick a caching proxy into storing private information transmitted over the internet from an authenticated user. The attacker could then access the cached data, which may include personal and...

AI score 6.5
Exploits: 0

Hacker One
added 2022/02/18 10:20 a.m. | 17 views

TikTok: Information Leakage via TikTok Ads Web Cache Deception

A theoretical web cache deception vulnerability was found on TikTok Ads, that could have resulted in information leakage if clicked on by an authenticated user. We thank @arifmkhls for reporting this to our team and confirming its resolution...

AI score 2.5
Exploits: 0

Hacker One
added 2021/09/18 1:27 a.m. | 18 views

Glassdoor: [https://www.glassdoor.com] - Web Cache Deception Leads to gdtoken Disclosure

A web cache deception issue was reported by @bombon. For the exploit to trigger, the victim must be logged in to Glassdoor and must also visit an attacker-controlled page that makes the victim hit the caching page, programmatically fetch the cached CSRF token gdToken, and forge and send a request ...

AI score 7.1
Exploits: 0

Hacker One
added 2021/07/21 11:12 a.m. | 18 views

Shopify: Shopify.com Web Cache Deception vulnerability leads to personal information and CSRF tokens leakage

Shopify.com Web Cache Deception Vulnerability. Matteo Golinelli, July 21, 2021. I am testing websites for possible Web Cache Deception vulnerabilities (you can find more about it here), and I discovered that shopify.com is vulnerable. Web cache deception (WCD) is an attack where an attacker tricks a...

AI score 0.1
Exploits: 0

Hacker One
added 2021/05/05 4:15 p.m. | 86 views

Kaspersky: Several domains on kaspersky.com are vulnerable to Web Cache Deception attack

Reported security issue allowed a potential attacker to steal potentially sensitive information of users of a website, because multiple subdomains of the Kaspersky domain were vulnerable to web cache deception attack. In this scenario the user needs to open a phishing link in a web browser. The...

AI score 3.8
Exploits: 0

Hacker One
added 2019/06/01 5:27 p.m. | 16 views

Vanilla: Web cache deception attack on https://open.vanillaforums.com/messages/all

I have found a vulnerability in Vanilla Forums which is called a Web cache deception attack. Web Cache Deception Attack: Websites often tend to use web cache functionality to store files that are often retrieved, to reduce latency from the web server. Websites often tend to use web cache functionality...

AI score 1
Exploits: 0

Hacker One
added 2019/04/13 8:6 p.m. | 38 views

OLX: web cache deception in https://tradus.com lead to name/user_id enumeration and other info

Summary: Hi OLX team, I found a web cache deception vulnerability in https://tradus.com. With this vulnerability an attacker can gain access to the name of the victim user, the userid and other information. Attack scenario: 1. An attacker sends the victim a link to the malicious page like the PoC...

AI score 0.1
Exploits: 0

Hacker One
added 2018/11/11 6:41 a.m. | 11 views

Semrush: Web cache deception attack - expose earning state information

Hello, I have found a new vulnerability in your website which is called a Web cache deception attack. It was first found in PayPal. Web Cache Deception Attack: Websites often tend to use web cache functionality to store files that are often retrieved, to reduce latency from the web server. Let's see a...

AI score 6.3
Exploits: 0

Hacker One
added 2018/09/27 5:38 a.m. | 69 views

QIWI: [*.rocketbank.ru] Web Cache Deception & XSS

Almost all .rocketbank.ru sites based on readymag.rocketbank.ru are vulnerable to Web Cache Deception and XSS. Example request: http GET /?xx HTTP/1.1 Host: wknd.rocketbank.ru X-Forwarded-Host: cacheattack'"alertdocument.domain HTTP response: html alertdocument.domain/friends/" alertdocument.domain...

AI score 7.1
Exploits: 0

Hacker One
added 2017/08/16 1:6 p.m. | 33 views

Discourse: CSRF-tokens on pages without no-cache headers, resulting in ATO when using CloudFlare proxy (Web Cache Deception)

Hi, I noticed this issue on one of your clients which was using CloudFlare in front of their Discourse. This is not affecting try.discourse.org but the same underlying issue can be seen there as well even though it's not exploitable on that specific domain. The TL;DR of the issue is basically:...

AI score 6.5
Exploits: 0

Kitploit
added 2017/05/21 2:50 p.m. | 24 views

Airachnid Burp Extension - A Burp Extension to test applications for vulnerability to the Web Cache Deception attack

A Burp extension to test applications for vulnerability to the Web Cache Deception attack. Once the extension has been loaded, it can be accessed in the Target - Sitemap tab and right click on the resource that should be tested. A context sensitive menu item called "Airachnid Web Cache Test" will...

AI score 7
Exploits: 0 | References: 1