PatchSiren

elixir-plug CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH elixir-plug CVE published 2026-04-27

CVE-2026-32688

CVE-2026-32688 is a high-severity denial-of-service issue in elixir-plug plug_cowboy. In affected versions, HTTP/2 request handling can turn attacker-controlled :scheme values into atoms, permanently consuming entries in the BEAM atom table until the node aborts with system_limit. HTTP/1.1 is not affected by the described path.