<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-06-11T19:53:52.283301+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the 10 most recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/51f4d7b6-93c7-49bd-9714-128d458fa6d6/export</id>
    <title>51f4d7b6-93c7-49bd-9714-128d458fa6d6</title>
    <updated>2026-06-11T19:53:52.733806+00:00</updated>
    <author>
      <name>Joseph Lee</name>
      <uri>https://cve.circl.lu/user/syspect</uri>
    </author>
    <content>{"uuid": "51f4d7b6-93c7-49bd-9714-128d458fa6d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-8467", "type": "published-proof-of-concept", "source": "https://github.com/phenixdigital/phoenix_storybook/security/advisories/GHSA-55hg-8qxv-qj4p", "content": "", "creation_timestamp": "2026-05-20T11:02:01.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/51f4d7b6-93c7-49bd-9714-128d458fa6d6/export"/>
    <published>2026-05-20T11:02:01+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/55d8a205-d4c1-4ec6-b56b-ac4fa6a46f89/export</id>
    <title>55d8a205-d4c1-4ec6-b56b-ac4fa6a46f89</title>
    <updated>2026-06-11T19:53:52.733702+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "55d8a205-d4c1-4ec6-b56b-ac4fa6a46f89", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-8467", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmcaes4zid2e", "content": "CVE-2026-8467 - Unauthenticated remote code execution via HEEx template injection in phoenix_storybook playground\nCVE ID : CVE-2026-8467\n \n Published : May 20, 2026, 1:35 p.m. | 39\u00a0minutes ago\n \n Description : Code Injection vulnerability in phenixdigital phoenix_storybook all...", "creation_timestamp": "2026-05-20T15:38:15.762539Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/55d8a205-d4c1-4ec6-b56b-ac4fa6a46f89/export"/>
    <published>2026-05-20T15:38:15.762539+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/931ec3a1-c4fc-4ee6-af98-0c8e25b51f24/export</id>
    <title>931ec3a1-c4fc-4ee6-af98-0c8e25b51f24</title>
    <updated>2026-06-11T19:53:52.731001+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "931ec3a1-c4fc-4ee6-af98-0c8e25b51f24", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-8467", "type": "seen", "source": "https://gist.github.com/alon710/8fd39736c139424c0b6f1dacb91f586a", "content": "# CVE-2026-8467: CVE-2026-8467: Unauthenticated Remote Code Execution in phoenix_storybook\n\n&amp;gt; **CVSS Score:** 9.5\n&amp;gt; **Published:** 2026-06-09\n&amp;gt; **Full Report:** https://cvereports.com/reports/CVE-2026-8467\n\n## Summary\nAn unauthenticated remote code execution (RCE) vulnerability exists in phoenix_storybook versions 0.5.0 through 1.0.x due to improper input sanitization during HEEx template generation. By sending crafted WebSocket messages, an attacker can escape HTML attribute boundaries and execute arbitrary Elixir code.\n\n## TL;DR\nImproper sanitization of component attributes in the phoenix_storybook playground allows remote attackers to inject arbitrary Elixir expressions into HEEx templates, resulting in unauthenticated remote code execution.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-94\n- **Attack Vector**: Network (AV:N)\n- **CVSS Score**: 9.5 (Critical)\n- **Exploit Status**: Proof-of-Concept Available\n- **KEV Status**: Not Listed\n- **Impact**: Unauthenticated Remote Code Execution\n\n## Affected Systems\n\n- phoenix_storybook (Elixir Package)\n- **phoenix_storybook**: &amp;gt;= 0.5.0, &amp;lt; 1.1.0 (Fixed in: `1.1.0`)\n\n## Mitigation\n\n- Upgrade phoenix_storybook to version 1.1.0 or higher\n- Restrict Storybook route definition to :dev environments in mix.exs and router.ex\n- Apply network level IP whitelisting to the storybook endpoints\n\n**Remediation Steps:**\n1. Open mix.exs and locate the phoenix_storybook dependency definition.\n2. Change the version constraint to '~&amp;gt; 1.1.0'.\n3. Run 'mix deps.get' and 'mix deps.compile phoenix_storybook' to fetch and compile the patched package.\n4. Verify that the build completes successfully and execute all regression tests using 'mix test'.\n\n## References\n\n- [GHSA-55hg-8qxv-qj4p: Remote Code Execution in phoenix_storybook](https://github.com/phenixdigital/phoenix_storybook/security/advisories/GHSA-55hg-8qxv-qj4p)\n- [CVE-2026-8467 Record](https://www.cve.org/CVERecord?id=CVE-2026-8467)\n- [EEF CNA Security Advisory](https://cna.erlef.org/cves/CVE-2026-8467.html)\n- [Code Patch Commit](https://github.com/phenixdigital/phoenix_storybook/commit/56ab8464d4375fa52db806148a06cce126ad481d)\n- [OSV Advisory Page](https://osv.dev/vulnerability/EEF-CVE-2026-8467)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-8467) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-09T23:41:37.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/931ec3a1-c4fc-4ee6-af98-0c8e25b51f24/export"/>
    <published>2026-06-09T23:41:37+00:00</published>
  </entry>
</feed>
