RCE in Phenixdigital Phoenix_storybook

CVE-2026-8467

Code Injection vulnerability in phenixdigital phoenix_storybook allows unauthenticated remote code execution via unsanitized attribute value interpolation in HEEx template generation. The psb-assign WebSocket event handler in 'Elixir.Phoe…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.004 (61.4th percentile) — read the EPSS interpretation.

Affected products

Phenixdigital Phoenix_storybook — versions 0.5.0, e35379dfe2ef1a71b141899e36f431017c55265d

Weakness classification (CWE)

CWE-94 — Code Injection

References

6b3ad84c-e1a6-4bf7-a703-f496b71e49db (related)
6b3ad84c-e1a6-4bf7-a703-f496b71e49db (patch)
6b3ad84c-e1a6-4bf7-a703-f496b71e49db (related, vendor-advisory)
6b3ad84c-e1a6-4bf7-a703-f496b71e49db (related)