Homepage

Improper Input Validation Affecting kibana-9.3-advanced package, versions *

Severity

 Recommended
low

Based on default assessment until relevant scores are available.

Threat Intelligence

EPSS
0.03% (8th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Improper Input Validation vulnerabilities in an interactive lesson.

Start learning
  • Snyk IDSNYK-MINIMOSLATEST-KIBANA93ADVANCED-16339929
  • published2 May 2026
  • disclosed8 Apr 2026
Report a new vulnerability Found a mistake?

Introduced: 8 Apr 2026

NewCVE-2026-39410  (opens in a new tab)
CWE-20  (opens in a new tab)

How to fix?

There is no fixed version for Minimos:latest kibana-9.3-advanced.

NVD Description

Note: Versions mentioned in the description apply only to the upstream kibana-9.3-advanced package and not the kibana-9.3-advanced package as distributed by Minimos. See How to fix? for Minimos:latest relevant fixed versions and status.

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.12, a discrepancy between browser cookie parsing and parse() handling allows cookie prefix protections to be bypassed. Cookie names that are treated as distinct by the browser may be normalized to the same key by parse(), allowing attacker-controlled cookies to override legitimate ones. This vulnerability is fixed in 4.12.12.