Byte Open Security (ByteOS Network)
CVE Vulnerability Details: CVE-2026-54892
PUBLISHED
Assigner: EEF
Assigner Org ID: 6b3ad84c-e1a6-4bf7-a703-f496b71e49db
Published At: 23 Jun, 2026 | 12:31
Updated At: 23 Jun, 2026 | 18:21
Rejected At: -
CVE Numbering Authority (CNA)
Plug: quadratic-time decoding of nested query/body parameters enables denial of service

Inefficient algorithmic complexity in Plug's nested-parameter decoder allows an unauthenticated remote attacker to cause denial of service.

Plug.Conn.Query.decode/4 (and Plug.Conn.Query.decode_each/2) parse query strings and application/x-www-form-urlencoded request bodies. When a key contains many bracketed segments, such as a[a][a][a]=1, the decoder walks the brackets and, for each of the N nesting levels, performs a map operation keyed on an ever-growing binary prefix of the key, hashing the full byte range of that prefix at each step. The total decode cost is therefore quadratic in the number of nesting levels.

With the default Plug.Parsers.URLENCODED body limit of 1,000,000 bytes, a single request can carry roughly 333,000 nesting levels (each additional level costs three bytes, "[a]") and saturate a BEAM scheduler for minutes. A small number of concurrent requests can saturate all schedulers and render a Plug-based server unresponsive. No authentication or knowledge of application routes is required.

This vulnerability is associated with the program file lib/plug/conn/query.ex and the program routines Plug.Conn.Query.decode/4, Plug.Conn.Query.decode_each/2, Plug.Conn.Query.split_keys/6, Plug.Conn.Query.insert_keys/3, and Plug.Conn.Query.finalize_pointer/2.

This issue affects plug from 1.15.0 before 1.15.5, from 1.16.0 before 1.16.4, from 1.17.0 before 1.17.2, from 1.18.0 before 1.18.3, and from 1.19.0 before 1.19.3.
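The quadratic walk described above, reduced to a runnable model. This is an added example written in Python for this page, not Plug's Elixir code: decode_quadratic models the affected behaviour (each level resolves its container through a map keyed by the raw key prefix consumed so far, so every level re-hashes a longer prefix), decode_linear models a fix that holds a direct reference to the current container, and accept is a pre-parse depth guard. The cost metric (bytes_hashed = total length of map keys hashed), the 32-level limit, and the function names are assumptions of this example; only leaf-level "[]" list keys are modelled.

```python
from __future__ import annotations

from urllib.parse import unquote_plus


def build_payload(levels: int) -> str:
    """Constructed body of the shape the advisory names: a[a][a]...[a]=1.
    Every extra level costs 3 bytes ("[a]"), which is why a 1,000,000-byte
    body limit admits roughly 333,000 levels."""
    return "a" + "[a]" * levels + "=1"


def split_key(key: str) -> list[str]:
    """'a[b][c][]' -> ['a', 'b', 'c', '']. A key whose brackets are not well
    formed is kept as one flat segment (a simplification in this model)."""
    head, opened, rest = key.partition("[")
    if not opened or not rest:
        return [key]
    segs = [head]
    while rest:
        seg, closed, rest = rest.partition("]")
        if not closed or "[" in seg:
            return [key]
        segs.append(seg)
        if rest:
            if not rest.startswith("["):
                return [key]
            rest = rest[1:]
    return segs


def _pairs(query: str):
    for pair in query.split("&"):
        if pair:
            raw_key, _, raw_value = pair.partition("=")
            yield unquote_plus(raw_key), unquote_plus(raw_value)


def _leaf(container, seg: str, value: str) -> None:
    # 'k[]=v' appends to the list created for k; anything else is a plain key.
    if seg == "" and isinstance(container, list):
        container.append(value)
    elif isinstance(container, dict):
        container[seg] = value
    else:
        raise ValueError("only leaf-level '[]' is modelled")


def _child(parent, seg: str, next_seg: str):
    # Intermediate container: a list if the next segment is '[]', else a map.
    if not isinstance(parent, dict):
        raise ValueError("only leaf-level '[]' is modelled")
    return parent.setdefault(seg, [] if next_seg == "" else {})


def decode_quadratic(query: str) -> tuple[dict, int]:
    """Model of the affected decoder. Each level finds its container through a
    table keyed by the raw key prefix consumed so far ('a', 'a[a]', 'a[a][a]',
    ...), so the bytes hashed per level grow with depth: O(levels^2) overall.
    Returns (params, bytes_hashed), the assumed cost metric of this example."""
    params: dict = {}
    hashed = 0
    for key, value in _pairs(query):
        segs = split_key(key)
        table = {"": params}
        prefix = ""
        for i, seg in enumerate(segs):
            parent = table[prefix]                 # lookup hashes the whole prefix
            hashed += len(prefix) + len(seg)
            if i == len(segs) - 1:
                _leaf(parent, seg, value)
            else:
                child = _child(parent, seg, segs[i + 1])
                prefix = seg if i == 0 else f"{prefix}[{seg}]"
                table[prefix] = child              # insert hashes the grown prefix
                hashed += len(prefix)
    return params, hashed


def decode_linear(query: str) -> tuple[dict, int]:
    """Fix modelled here: keep a direct reference to the current container, so
    each level hashes only its own segment: O(total key length) overall."""
    params: dict = {}
    hashed = 0
    for key, value in _pairs(query):
        segs = split_key(key)
        node = params
        for i, seg in enumerate(segs):
            hashed += len(seg)
            if i == len(segs) - 1:
                _leaf(node, seg, value)
            else:
                node = _child(node, seg, segs[i + 1])
    return params, hashed


def max_nesting(query: str) -> int:
    """Cheap pre-parse bound: the most '[' in any single decoded key."""
    return max((key.count("[") for key, _ in _pairs(query)), default=0)


def accept(query: str, limit: int = 32) -> bool:
    """Reject a body or query string before it reaches the decoder. The 32-level
    limit is a hypothetical value chosen for this example, not a Plug default."""
    return max_nesting(query) <= limit


if __name__ == "__main__":
    payload = build_payload(2000)
    _, slow = decode_quadratic(payload)
    _, fast = decode_linear(payload)
    print(f"2000 levels: quadratic model hashes {slow:,} bytes, linear {fast:,}")
    print("accept payload:", accept(payload))
```

At 2000 levels the prefix-keyed model hashes several thousand times more bytes than the reference-walking one, and the gap grows linearly with depth, which is the shape of the attack: the 333,000-level body that fits under the default limit is far past where a scheduler stalls. The depth guard runs in a single pass over the raw string and is the cheap mitigation to put in front of the parser while a patched release is rolled out.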

Affected Products
Vendor
elixir-plug
Product
plug
Collection URL
https://repo.hex.pm
Package Name
plug
Repo
https://github.com/elixir-plug/plug
CPEs
  • cpe:2.3:a:elixir-plug:plug:*:*:*:*:*:*:*:*
Modules
  • 'Elixir.Plug.Conn.Query'
Program Files
  • lib/plug/conn/query.ex
Program Routines
  • 'Elixir.Plug.Conn.Query':decode/4
  • 'Elixir.Plug.Conn.Query':decode_each/2
  • 'Elixir.Plug.Conn.Query':split_keys/6
  • 'Elixir.Plug.Conn.Query':insert_keys/3
  • 'Elixir.Plug.Conn.Query':finalize_pointer/2
Default Status
unaffected
Versions
Affected
  • From 1.15.0 before 1.15.5 (semver)
  • From 1.16.0 before 1.16.4 (semver)
  • From 1.17.0 before 1.17.2 (semver)
  • From 1.18.0 before 1.18.3 (semver)
  • From 1.19.0 before 1.19.3 (semver)
Vendor
elixir-plug
Product
plug
Collection URL
https://github.com
Package Name
elixir-plug/plug
Repo
https://github.com/elixir-plug/plug
CPEs
  • cpe:2.3:a:elixir-plug:plug:*:*:*:*:*:*:*:*
Modules
  • 'Elixir.Plug.Conn.Query'
Program Files
  • lib/plug/conn/query.ex
Program Routines
  • 'Elixir.Plug.Conn.Query':decode/4
  • 'Elixir.Plug.Conn.Query':decode_each/2
  • 'Elixir.Plug.Conn.Query':split_keys/6
  • 'Elixir.Plug.Conn.Query':insert_keys/3
  • 'Elixir.Plug.Conn.Query':finalize_pointer/2
Default Status
unaffected
Versions
Affected
  • From 712b875d3442c765d8d37e546ffd5ad9f8afcc55 before * (git)
    • -> unaffected from c317d08fdcf96e17931f7419275b2b8c4bf3e951
    • -> unaffected from 9c5d37c440eaae92869eed7c014c47266744fadb
    • -> unaffected from d737eb236f17e31a36290e39f9ef3cd86a1343bd
    • -> unaffected from d4e5568392a4b29e545b91e12e87d6098f976145
    • -> unaffected from a61124aa625d819a218fb07f90afbac8aa85eb0e
Problem Types
Type: CWE
CWE ID: CWE-407
Description: CWE-407 Inefficient Algorithmic Complexity
Metrics
Version: 4.0
Base score: 8.7
Base severity: HIGH
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC ID: CAPEC-229
Description: CAPEC-229 Serialized Data Parameter Blowup
Solutions

Configurations

Workarounds

Exploits

Credits
  • Finder: Braidon Whatley
  • Remediation developer: José Valim
  • Analyst: Jonatan Männchen / EEF
Timeline

Replaced By

Rejected Reason

References
  • https://github.com/elixir-plug/plug/security/advisories/GHSA-j43x-5hjq-rgxf (vendor-advisory, related)
  • https://cna.erlef.org/cves/CVE-2026-54892.html (related)
  • https://osv.dev/vulnerability/EEF-CVE-2026-54892 (related)
  • https://github.com/elixir-plug/plug/commit/c317d08fdcf96e17931f7419275b2b8c4bf3e951 (patch)
  • https://github.com/elixir-plug/plug/commit/9c5d37c440eaae92869eed7c014c47266744fadb (patch)
  • https://github.com/elixir-plug/plug/commit/d737eb236f17e31a36290e39f9ef3cd86a1343bd (patch)
  • https://github.com/elixir-plug/plug/commit/d4e5568392a4b29e545b91e12e87d6098f976145 (patch)
  • https://github.com/elixir-plug/plug/commit/a61124aa625d819a218fb07f90afbac8aa85eb0e (patch)
Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
References
  • https://github.com/elixir-plug/plug/security/advisories/GHSA-j43x-5hjq-rgxf (exploit)