Resource exhaustion in Elixir-plug Plug

CVE-2026-56814

Plug.Parsers.MULTIPART, the multipart request-body parser used to handle file uploads and multipart forms, does not enforce its :length budget against all consumed resources, allowing an unauthenticated remote attacker to cause denial of s…

Affected products

Weakness classification (CWE)

References