Resource exhaustion in Phoenixframework Phoenix

CVE-2026-32689

Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix allows a denial of service via the long-poll transport's NDJSON body handling. In 'Elixir.Phoenix.Transports.LongPoll':publish/4, when a POST r…

EPSS: 0.000 (5.4th percentile) — read the EPSS interpretation.

Affected products

Phoenixframework Phoenix — versions 1.7.0, 1.8.0, 2674c6ea30634667f9b09966b90269393b445953

Weakness classification (CWE)

CWE-770 — Allocation of Resources Without Limits or Throttling

References

6b3ad84c-e1a6-4bf7-a703-f496b71e49db (related)
6b3ad84c-e1a6-4bf7-a703-f496b71e49db (patch)
6b3ad84c-e1a6-4bf7-a703-f496b71e49db (patch)
6b3ad84c-e1a6-4bf7-a703-f496b71e49db (related, vendor-advisory)
6b3ad84c-e1a6-4bf7-a703-f496b71e49db (related)