PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-56812 phoenixframework CVE debrief

CVE-2026-56812 is an Improper Check for Unusual or Exceptional Conditions vulnerability in the Phoenix JavaScript presence client. An attacker with ordinary channel access can cause a persistent client-side denial of service against every viewer of a presence channel topic. The vulnerability is due to a bare truthiness test (state[key]) instead of an own-property check, allowing an attacker to control presence keys and cause an uncaught TypeError. This issue affects phoenix framework versions from 1.2.0-rc.0 before 1.5.15, from 1.6.0-rc.0 before 1.6.17, from 1.7.0-rc.0 before 1.7.24, and from 1.8.0-rc.0 before 1.8.9.

Vendor
phoenixframework
Product
phoenix
CVSS
MEDIUM 6.3
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-07
Original CVE updated
2026-07-07
Advisory published
2026-07-07
Advisory updated
2026-07-07

Who should care

Users of phoenix framework, particularly those using versions from 1.2.0-rc.0 before 1.5.15, from 1.6.0-rc.0 before 1.6.17, from 1.7.0-rc.0 before 1.7.24, and from 1.8.0-rc.0 before 1.8.9, should be aware of this vulnerability and take necessary actions to mitigate it.

Technical summary

The Phoenix JavaScript presence client checks for presence using a bare truthiness test (state[key]) instead of an own-property check. This allows an attacker to control presence keys and cause an uncaught TypeError by choosing a key that is an Object.prototype member name. The exception propagates out of the presence message handler, preventing local state updates and onSync() from firing. The malicious key is tracked on the server and re-pushed on every presence update, keeping presence sync broken for every viewer of that channel topic until the attacker leaves.

Defensive priority

Medium priority due to the CVSS score of 6.3 and the potential for denial of service attacks.

Recommended defensive actions

  • Update phoenix to a version that fixes the vulnerability (1.5.15, 1.6.17, 1.7.24, or 1.8.9)
  • Implement own-property checks for presence keys
  • Monitor presence channel topics for suspicious activity
  • Consider using compensating controls such as rate limiting or IP blocking
  • Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
  • Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed

Evidence notes

The CVE record was published on 2026-07-07T16:16:40.920Z and has not been modified since then. The NVD entry is currently Received. There is limited information available about the vulnerability, and defenders should verify the affected scope and severity with the vendor. The vulnerability affects phoenix framework versions from 1.2.0-rc.0 before 1.5.15, from 1.6.0-rc.0 before 1.6.17, from 1.7.0-rc.0 before 1.7.24, and from 1.8.0-rc.0 before 1.8.9.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-07T16:16:40.920Z and has not been modified since then.