What is CVE-2026-47076?

CVE-2026-47076 is a medium-severity vulnerability in Benoitc Hackney, classified under CWE-436. CVSS score: 6.5/10. Published 2026-05-25.

How severe is CVE-2026-47076?

Medium severity. CVSS v3 base score is 6.5 out of 10.

SSRF in Benoitc Hackney

CVE-2026-47076

Interpretation Conflict vulnerability in benoitc hackney allows Server Side Request Forgery. hackney_url:normalize/2 URL-decodes the host component after the URL has been parsed into a #hackney_url{} record. OTP's uri_string:parse/1 and in…

EPSS: 0.000 (2.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N.

Affected products

Benoitc Hackney — versions 0.13.0, 4d725507588942fd00efca15b86da3273656510a

Weakness classification (CWE)

References

6b3ad84c-e1a6-4bf7-a703-f496b71e49db (related, Exploit, vendor-advisory, Patch, Vendor Advisory)
6b3ad84c-e1a6-4bf7-a703-f496b71e49db (related, Patch, Third Party Advisory)
6b3ad84c-e1a6-4bf7-a703-f496b71e49db (related, Patch, Third Party Advisory)
6b3ad84c-e1a6-4bf7-a703-f496b71e49db (Patch, patch)

Frequently asked questions

What is CVE-2026-47076?: CVE-2026-47076 is a medium-severity vulnerability in Benoitc Hackney, classified under CWE-436. CVSS score: 6.5/10. Published 2026-05-25.
How severe is CVE-2026-47076?: Medium severity. CVSS v3 base score is 6.5 out of 10.