https://vulnerability.circl.lu/sightings/feedMost recent sightings.2026-05-10T02:45:45.957585+00:00Vulnerability-Lookupinfo@circl.lupython-feedgenContains only the most 10 recent sightings.https://vulnerability.circl.lu/sighting/eb250ae7-363e-4130-a5fc-2d49835fb282/exporteb250ae7-363e-4130-a5fc-2d49835fb2822026-05-10T02:45:46.338891+00:00Automation userhttp://cve.circl.lu/user/automation{"uuid": "eb250ae7-363e-4130-a5fc-2d49835fb282", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-32689", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ml4nxphuoq2k", "content": "CVE-2026-32689 - Long-poll NDJSON body splitting causes unbounded memory allocation in Phoenix\nCVE ID : CVE-2026-32689\n \n Published : 5. Mai 2026 15:17 | 1\u00a0Stunde, 4\u00a0Minuten ago\n \n Description : Allocation of Resources Without Limits or Throttling vulnerability in phoenixframe...", "creation_timestamp": "2026-05-05T17:00:19.005229Z"}2026-05-05T17:00:19.005229+00:00https://vulnerability.circl.lu/sighting/6705269c-7878-4af6-a311-124c82d0df61/export6705269c-7878-4af6-a311-124c82d0df612026-05-10T02:45:46.337297+00:00Automation userhttp://cve.circl.lu/user/automation{"uuid": "6705269c-7878-4af6-a311-124c82d0df61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-32689", "type": "seen", "source": "https://gist.github.com/alon710/bf727aea4f480d1e2e016713a2841996", "content": "# CVE-2026-32689: CVE-2026-32689: Denial of Service in Phoenix Framework LongPoll Transport via NDJSON Payload Amplification\n\n> **CVSS Score:** 8.7\n> **Published:** 2026-05-08\n> **Full Report:** https://cvereports.com/reports/CVE-2026-32689\n\n## Summary\nThe Phoenix Framework contains a high-severity Denial of Service vulnerability in its LongPoll transport mechanism. The vulnerability is caused by unbounded memory allocation when processing Newline Delimited JSON (NDJSON) payloads. Unauthenticated attackers can trigger Out-Of-Memory conditions on the host BEAM node, terminating all active sessions by forcing the server to evaluate excessive newline characters.\n\n## TL;DR\nUnauthenticated remote attackers can crash Phoenix Framework nodes by sending an 8MB NDJSON payload consisting entirely of newline characters to the LongPoll endpoint, triggering memory exhaustion via eager string evaluation.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-770\n- **Attack Vector**: Network\n- **CVSS Base Score**: 8.7 (High)\n- **EPSS Score**: 0.00045\n- **Impact**: Denial of Service (Node Crash)\n- **Exploit Status**: Unexploited / PoC Only\n- **CISA KEV**: No\n\n## Affected Systems\n\n- Phoenix Framework (phoenix Hex package) < 1.7.22\n- Phoenix Framework (phoenix Hex package) 1.8.x < 1.8.6\n- Any Elixir application exposing Phoenix LiveView endpoints via LongPoll\n- **Phoenix Framework**: >= 1.7.0, < 1.7.22 (Fixed in: `1.7.22`)\n- **Phoenix Framework**: >= 1.8.0, < 1.8.6 (Fixed in: `1.8.6`)\n\n## Mitigation\n\n- Upgrade Phoenix framework to patched versions (1.7.22 or 1.8.6).\n- Disable the LongPoll transport in Phoenix.Socket configurations if WebSocket connections are sufficient.\n- Implement network-level size restrictions or WAF rules to drop anomalous POST requests containing excessive application/x-ndjson payloads.\n\n**Remediation Steps:**\n1. Identify the current version of the `phoenix` Hex package running in your application environments.\n2. Update the `mix.exs` dependencies to require at least `~> 1.7.22` or `~> 1.8.6`.\n3. Run `mix deps.get` and `mix deps.compile` to fetch and compile the updated framework code.\n4. If patching is delayed, modify the endpoint module to set `longpoll: false` inside the socket declarations.\n\n## References\n\n- [GitHub Advisory: GHSA-628h-q48j-jr6q](https://github.com/phoenixframework/phoenix/security/advisories/GHSA-628h-q48j-jr6q)\n- [Erlang Ecosystem Foundation CNA Record](https://cna.erlef.org/cves/CVE-2026-32689.html)\n- [OSV Record for EEF-CVE-2026-32689](https://osv.dev/vulnerability/EEF-CVE-2026-32689)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-32689) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-05-08T20:40:28.000000Z"}2026-05-08T20:40:28+00:00