Vulnerability in Elixir-plug Plug

CVE-2026-56813

Improper Neutralization of Parameter/Argument Delimiters vulnerability in elixir-plug plug allows an attacker to inject or override HTTP cookie attributes. The Plug.Conn.Cookies.encode/2 function in lib/plug/conn/cookies.ex builds the Set…

Affected products

Weakness classification (CWE)

References