MEDIUM
membraneframework
CVE published 2026-06-11
CVE-2026-53423
CVE-2026-53423 is a medium-severity vulnerability in the membraneframework membrane_mp4_plugin. The vulnerability allows unauthenticated attackers to cause a denial-of-service (DoS) by exhausting the BEAM atom table. This occurs because the MP4 box header parser converts each 4-byte box name to an atom using String.to_atom/1 without validation, leading to permanent allocation of unique attacker-controlled [truncated]