Resource exhaustion in Oban-bg Oban_web

CVE-2026-48593

Uncontrolled Resource Consumption vulnerability in oban-bg oban_web ('Elixir.Oban.Web.CronExpr' modules) allows memory exhaustion via unbounded cron range expansion. An attacker with access to schedule cron jobs can submit a malicious cro…

Vulnerability class: DoS (Denial of Service)

EPSS: 0.000 (14.9th percentile) — read the EPSS interpretation.

Affected products

Oban-bg Oban_web — versions 2.12.0, a97c7960bb389b05aaab4cf8042985f02ceddc24

Weakness classification (CWE)

CWE-400 — Uncontrolled Resource Consumption

References

6b3ad84c-e1a6-4bf7-a703-f496b71e49db (related, vendor-advisory)
6b3ad84c-e1a6-4bf7-a703-f496b71e49db (related)
6b3ad84c-e1a6-4bf7-a703-f496b71e49db (related)
6b3ad84c-e1a6-4bf7-a703-f496b71e49db (patch)