Resource exhaustion in Elixir-mint Mint

CVE-2026-49754

Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint Mint allows attacker-controlled HTTP/2 servers to exhaust memory in a Mint client (HTTP/2 CONTINUATION flood). When Mint's HTTP/2 receive path observes a HE…

EPSS: 0.000 (13.2th percentile) — read the EPSS interpretation.

Affected products

Elixir-mint Mint — versions 0.1.0, 596ca4304504be68939c4929e0831557097962b8

Weakness classification (CWE)

CWE-770 — Allocation of Resources Without Limits or Throttling

References

6b3ad84c-e1a6-4bf7-a703-f496b71e49db (related, vendor-advisory)
6b3ad84c-e1a6-4bf7-a703-f496b71e49db (related)
6b3ad84c-e1a6-4bf7-a703-f496b71e49db (related)
6b3ad84c-e1a6-4bf7-a703-f496b71e49db (patch)