Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2026-54892
Deferred
More InfoOfficial Page
Source-6b3ad84c-e1a6-4bf7-a703-f496b71e49db
View Known Exploited Vulnerability (KEV) details
Published At-23 Jun, 2026 | 13:16
Updated At-23 Jun, 2026 | 15:44

Inefficient algorithmic complexity in Plug's nested-parameter decoder allows an unauthenticated remote attacker to cause denial of service. Plug.Conn.Query.decode/4 (and Plug.Conn.Query.decode_each/2) parse query strings and application/x-www-form-urlencoded request bodies. When a key contains many bracketed segments such as a[a][a][a]=1, the decoder walks the brackets and, for each of the N levels, performs a map operation keyed on an ever-growing binary prefix of the key, hashing the full byte range at each step. The total decode cost is therefore quadratic in the number of nesting levels. With the default Plug.Parsers.URLENCODED body limit of 1,000,000 bytes, a single request can carry roughly 333,000 nesting levels and saturate a BEAM scheduler for minutes. A small number of concurrent requests can saturate all schedulers and render a Plug-based server unresponsive. No authentication or knowledge of application routes is required. This vulnerability is associated with program files lib/plug/conn/query.ex and program routines Plug.Conn.Query.decode/4, Plug.Conn.Query.decode_each/2, Plug.Conn.Query.split_keys/6, Plug.Conn.Query.insert_keys/3, and Plug.Conn.Query.finalize_pointer/2. This issue affects plug from 1.15.0 before 1.15.5, 1.16.4, 1.17.2, 1.18.3, and 1.19.3.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.08.7HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
N/A
Type: Secondary
Version: 4.0
Base score: 8.7
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

Weaknesses
CWE IDTypeSource
CWE-407Secondary6b3ad84c-e1a6-4bf7-a703-f496b71e49db
CWE ID: CWE-407
Type: Secondary
Source: 6b3ad84c-e1a6-4bf7-a703-f496b71e49db
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://cna.erlef.org/cves/CVE-2026-54892.html6b3ad84c-e1a6-4bf7-a703-f496b71e49db
N/A
https://github.com/elixir-plug/plug/commit/9c5d37c440eaae92869eed7c014c47266744fadb6b3ad84c-e1a6-4bf7-a703-f496b71e49db
N/A
https://github.com/elixir-plug/plug/commit/a61124aa625d819a218fb07f90afbac8aa85eb0e6b3ad84c-e1a6-4bf7-a703-f496b71e49db
N/A
https://github.com/elixir-plug/plug/commit/c317d08fdcf96e17931f7419275b2b8c4bf3e9516b3ad84c-e1a6-4bf7-a703-f496b71e49db
N/A
https://github.com/elixir-plug/plug/commit/d4e5568392a4b29e545b91e12e87d6098f9761456b3ad84c-e1a6-4bf7-a703-f496b71e49db
N/A
https://github.com/elixir-plug/plug/commit/d737eb236f17e31a36290e39f9ef3cd86a1343bd6b3ad84c-e1a6-4bf7-a703-f496b71e49db
N/A
https://github.com/elixir-plug/plug/security/advisories/GHSA-j43x-5hjq-rgxf6b3ad84c-e1a6-4bf7-a703-f496b71e49db
N/A
https://osv.dev/vulnerability/EEF-CVE-2026-548926b3ad84c-e1a6-4bf7-a703-f496b71e49db
N/A
https://github.com/elixir-plug/plug/security/advisories/GHSA-j43x-5hjq-rgxf134c704f-9b21-4f2e-91b3-4a467353bcc0
N/A
Hyperlink: https://cna.erlef.org/cves/CVE-2026-54892.html
Source: 6b3ad84c-e1a6-4bf7-a703-f496b71e49db
Resource: N/A
Hyperlink: https://github.com/elixir-plug/plug/commit/9c5d37c440eaae92869eed7c014c47266744fadb
Source: 6b3ad84c-e1a6-4bf7-a703-f496b71e49db
Resource: N/A
Hyperlink: https://github.com/elixir-plug/plug/commit/a61124aa625d819a218fb07f90afbac8aa85eb0e
Source: 6b3ad84c-e1a6-4bf7-a703-f496b71e49db
Resource: N/A
Hyperlink: https://github.com/elixir-plug/plug/commit/c317d08fdcf96e17931f7419275b2b8c4bf3e951
Source: 6b3ad84c-e1a6-4bf7-a703-f496b71e49db
Resource: N/A
Hyperlink: https://github.com/elixir-plug/plug/commit/d4e5568392a4b29e545b91e12e87d6098f976145
Source: 6b3ad84c-e1a6-4bf7-a703-f496b71e49db
Resource: N/A
Hyperlink: https://github.com/elixir-plug/plug/commit/d737eb236f17e31a36290e39f9ef3cd86a1343bd
Source: 6b3ad84c-e1a6-4bf7-a703-f496b71e49db
Resource: N/A
Hyperlink: https://github.com/elixir-plug/plug/security/advisories/GHSA-j43x-5hjq-rgxf
Source: 6b3ad84c-e1a6-4bf7-a703-f496b71e49db
Resource: N/A
Hyperlink: https://osv.dev/vulnerability/EEF-CVE-2026-54892
Source: 6b3ad84c-e1a6-4bf7-a703-f496b71e49db
Resource: N/A
Hyperlink: https://github.com/elixir-plug/plug/security/advisories/GHSA-j43x-5hjq-rgxf
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Resource: N/A
Change History
0Changes found

Details not found