A vulnerability classified as problematic was found in honojs hono up to 4.12.24 . Affected is the function Headers.set of the component X-Forwarded-For Handler . Executing a manipulation can lead to use of less trusted source. This vulnerability appears as CVE-2026-54289 . The attack may be performed from remote. There is no available exploit. Upgrading the affected component is advised.