CVE-2026-33129 | h3js h3 up to 2.0.0-rc.8/2.0.1-rc.9 requireBasicAuth timing discrepancy

A vulnerability identified as problematic has been detected in h3js h3 up to 2.0.0-rc.8/2.0.1-rc.9. This impacts the function requireBasicAuth. Performing a manipulation results in observable timing discrepancy.

This vulnerability was named CVE-2026-33129. The attack may be initiated remotely. There is no available exploit.

You should upgrade the affected component.