Resource exhaustion in Ninenines Cowboy

CVE-2026-8466

Allocation of Resources Without Limits or Throttling vulnerability in ninenines cowboy allows denial of service via unbounded buffer accumulation in multipart header parsing. cowboy_req:read_part/3 in src/cowboy_req.erl accumulates incomi…

EPSS: 0.000 (6.7th percentile) — read the EPSS interpretation.

Affected products

Ninenines Cowboy — versions 2.0.0, 917cf99e10c41676183d501b86af6e47c95afb89

Weakness classification (CWE)

CWE-770 — Allocation of Resources Without Limits or Throttling

References

6b3ad84c-e1a6-4bf7-a703-f496b71e49db (related, third-party-advisory)
6b3ad84c-e1a6-4bf7-a703-f496b71e49db (related)
6b3ad84c-e1a6-4bf7-a703-f496b71e49db (patch)