CVE-2026-56813 (GCVE-0-2026-56813)

Vulnerability from cvelistv5 – Published: 2026-07-10 12:51 – Updated: 2026-07-10 14:45
VLAI
Title
Cookie attribute injection in Plug.Conn.Cookies.encode/2
Summary
Improper Neutralization of Parameter/Argument Delimiters vulnerability in elixir-plug plug allows an attacker to inject or override HTTP cookie attributes. The Plug.Conn.Cookies.encode/2 function in lib/plug/conn/cookies.ex builds the Set-Cookie response header by interpolating the cookie value and its path, domain, same_site, and extra attributes directly into the header without neutralizing the ';' delimiter that separates cookie attributes. An application that places attacker-controlled data into a cookie value or attribute (for example via Plug.Conn.put_resp_cookie/4 when reflecting a username or preference) lets an attacker inject a ';' to append or override cookie attributes (such as Domain and Path scope, or dropping the Secure and HttpOnly flags), enabling cookie tossing and session fixation. Carriage return, line feed, and null bytes are rejected by Plug.Conn header validation, so HTTP response splitting is not possible, but attribute injection through ';' is not prevented. This issue affects plug: from 0.1.0 before 1.16.6, from 1.17.0 before 1.17.4, from 1.18.0 before 1.18.5, from 1.19.0 before 1.19.5, from 1.20.0 before 1.20.3.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-141 - Improper Neutralization of Parameter/Argument Delimiters
Assigner
EEF
Impacted products
Vendor Product Version
elixir-plug plug Affected: 0.1.0 , < 1.16.6 (semver)
Affected: 1.17.0 , < 1.17.4 (semver)
Affected: 1.18.0 , < 1.18.5 (semver)
Affected: 1.19.0 , < 1.19.5 (semver)
Affected: 1.20.0 , < 1.20.3 (semver)
    cpe:2.3:a:elixir-plug:plug:*:*:*:*:*:*:*:*
Create a notification for this product.
elixir-plug plug Affected: f26876aa67aaeb38e616638aa3efbcc2fe2906a5 , < * (git)
    cpe:2.3:a:elixir-plug:plug:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Peter Ullrich José Valim Jonatan Männchen
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-56813",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-10T14:43:36.298825Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-10T14:43:45.849Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://repo.hex.pm",
          "cpes": [
            "cpe:2.3:a:elixir-plug:plug:*:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "modules": [
            "\u0027Elixir.Plug.Conn.Cookies\u0027",
            "\u0027Elixir.Plug.Conn\u0027"
          ],
          "packageName": "plug",
          "packageURL": "pkg:hex/plug",
          "product": "plug",
          "programFiles": [
            "lib/plug/conn/cookies.ex"
          ],
          "programRoutines": [
            {
              "name": "\u0027Elixir.Plug.Conn.Cookies\u0027:encode/2"
            },
            {
              "name": "\u0027Elixir.Plug.Conn\u0027:put_resp_cookie/4"
            }
          ],
          "repo": "https://github.com/elixir-plug/plug",
          "vendor": "elixir-plug",
          "versions": [
            {
              "lessThan": "1.16.6",
              "status": "affected",
              "version": "0.1.0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.17.4",
              "status": "affected",
              "version": "1.17.0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.18.5",
              "status": "affected",
              "version": "1.18.0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.19.5",
              "status": "affected",
              "version": "1.19.0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.20.3",
              "status": "affected",
              "version": "1.20.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://github.com",
          "cpes": [
            "cpe:2.3:a:elixir-plug:plug:*:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "modules": [
            "\u0027Elixir.Plug.Conn.Cookies\u0027",
            "\u0027Elixir.Plug.Conn\u0027"
          ],
          "packageName": "elixir-plug/plug",
          "packageURL": "pkg:github/elixir-plug/plug",
          "product": "plug",
          "programFiles": [
            "lib/plug/conn/cookies.ex"
          ],
          "programRoutines": [
            {
              "name": "\u0027Elixir.Plug.Conn.Cookies\u0027:encode/2"
            },
            {
              "name": "\u0027Elixir.Plug.Conn\u0027:put_resp_cookie/4"
            }
          ],
          "repo": "https://github.com/elixir-plug/plug",
          "vendor": "elixir-plug",
          "versions": [
            {
              "changes": [
                {
                  "at": "3f00dfad4e20ba88472e315c90a25742bf178f8e",
                  "status": "unaffected"
                },
                {
                  "at": "a6d1248659022749869963fd302687165ecf8c8b",
                  "status": "unaffected"
                },
                {
                  "at": "4167981747fe9ce75f374b94a28861ae950ea992",
                  "status": "unaffected"
                },
                {
                  "at": "149d9ed68fee0b4f77efd1e835ce5d785856697b",
                  "status": "unaffected"
                },
                {
                  "at": "eceb8315ce9a31ef784943a95a8624ebd1bc7e06",
                  "status": "unaffected"
                }
              ],
              "lessThan": "*",
              "status": "affected",
              "version": "f26876aa67aaeb38e616638aa3efbcc2fe2906a5",
              "versionType": "git"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:elixir-plug:plug:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.16.6",
                  "versionStartIncluding": "0.1.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:elixir-plug:plug:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.17.4",
                  "versionStartIncluding": "1.17.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:elixir-plug:plug:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.18.5",
                  "versionStartIncluding": "1.18.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:elixir-plug:plug:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.19.5",
                  "versionStartIncluding": "1.19.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:elixir-plug:plug:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.20.3",
                  "versionStartIncluding": "1.20.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "AND"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Peter Ullrich"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Jos\u00e9 Valim"
        },
        {
          "lang": "en",
          "type": "analyst",
          "value": "Jonatan M\u00e4nnchen"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eImproper Neutralization of Parameter/Argument Delimiters vulnerability in elixir-plug plug allows an attacker to inject or override HTTP cookie attributes.\u003c/p\u003e\u003cp\u003eThe \u003ctt\u003ePlug.Conn.Cookies.encode/2\u003c/tt\u003e function in \u003ctt\u003elib/plug/conn/cookies.ex\u003c/tt\u003e builds the \u003ctt\u003eSet-Cookie\u003c/tt\u003e response header by interpolating the cookie value and its \u003ctt\u003epath\u003c/tt\u003e, \u003ctt\u003edomain\u003c/tt\u003e, \u003ctt\u003esame_site\u003c/tt\u003e, and \u003ctt\u003eextra\u003c/tt\u003e attributes directly into the header without neutralizing the \u003ctt\u003e;\u003c/tt\u003e delimiter that separates cookie attributes.\u003c/p\u003e\u003cp\u003eAn application that places attacker-controlled data into a cookie value or attribute (for example via \u003ctt\u003ePlug.Conn.put_resp_cookie/4\u003c/tt\u003e when reflecting a username or preference) lets an attacker inject a \u003ctt\u003e;\u003c/tt\u003e to append or override cookie attributes (such as \u003ctt\u003eDomain\u003c/tt\u003e and \u003ctt\u003ePath\u003c/tt\u003e scope, or dropping the \u003ctt\u003eSecure\u003c/tt\u003e and \u003ctt\u003eHttpOnly\u003c/tt\u003e flags), enabling cookie tossing and session fixation. Carriage return, line feed, and null bytes are rejected by \u003ctt\u003ePlug.Conn\u003c/tt\u003e header validation, so HTTP response splitting is not possible, but attribute injection through \u003ctt\u003e;\u003c/tt\u003e is not prevented.\u003c/p\u003e\u003cp\u003eThis issue affects plug: from 0.1.0 before 1.16.6, from 1.17.0 before 1.17.4, from 1.18.0 before 1.18.5, from 1.19.0 before 1.19.5, from 1.20.0 before 1.20.3.\u003c/p\u003e"
            }
          ],
          "value": "Improper Neutralization of Parameter/Argument Delimiters vulnerability in elixir-plug plug allows an attacker to inject or override HTTP cookie attributes.\n\nThe Plug.Conn.Cookies.encode/2 function in lib/plug/conn/cookies.ex builds the Set-Cookie response header by interpolating the cookie value and its path, domain, same_site, and extra attributes directly into the header without neutralizing the \u0027;\u0027 delimiter that separates cookie attributes.\n\nAn application that places attacker-controlled data into a cookie value or attribute (for example via Plug.Conn.put_resp_cookie/4 when reflecting a username or preference) lets an attacker inject a \u0027;\u0027 to append or override cookie attributes (such as Domain and Path scope, or dropping the Secure and HttpOnly flags), enabling cookie tossing and session fixation. Carriage return, line feed, and null bytes are rejected by Plug.Conn header validation, so HTTP response splitting is not possible, but attribute injection through \u0027;\u0027 is not prevented.\n\nThis issue affects plug: from 0.1.0 before 1.16.6, from 1.17.0 before 1.17.4, from 1.18.0 before 1.18.5, from 1.19.0 before 1.19.5, from 1.20.0 before 1.20.3."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-61",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-61 Session Fixation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "LOCAL",
            "baseScore": 2.1,
            "baseSeverity": "LOW",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "LOW",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "LOW"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-141",
              "description": "CWE-141 Improper Neutralization of Parameter/Argument Delimiters",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-10T14:45:34.174Z",
        "orgId": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db",
        "shortName": "EEF"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "related"
          ],
          "url": "https://github.com/elixir-plug/plug/security/advisories/GHSA-wpmj-jh88-rpgm"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://cna.erlef.org/cves/CVE-2026-56813.html"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://osv.dev/vulnerability/EEF-CVE-2026-56813"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/elixir-plug/plug/commit/c6575800b2c4e15af1904df87522ca8a23da020c"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Cookie attribute injection in Plug.Conn.Cookies.encode/2",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eValidate or reject the \u003ctt\u003e;\u003c/tt\u003e delimiter in any untrusted data before passing it as a cookie value or attribute to \u003ctt\u003ePlug.Conn.put_resp_cookie/4\u003c/tt\u003e or \u003ctt\u003ePlug.Conn.Cookies.encode/2\u003c/tt\u003e. Carriage return, line feed, and null bytes are already rejected by \u003ctt\u003ePlug.Conn\u003c/tt\u003e header validation.\u003c/p\u003e"
            }
          ],
          "value": "Validate or reject the \u0027;\u0027 delimiter in any untrusted data before passing it as a cookie value or attribute to Plug.Conn.put_resp_cookie/4 or Plug.Conn.Cookies.encode/2. Carriage return, line feed, and null bytes are already rejected by Plug.Conn header validation."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db",
    "assignerShortName": "EEF",
    "cveId": "CVE-2026-56813",
    "datePublished": "2026-07-10T12:51:08.758Z",
    "dateReserved": "2026-06-23T12:29:02.507Z",
    "dateUpdated": "2026-07-10T14:45:34.174Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-56813",
      "date": "2026-07-11",
      "epss": "0.00146",
      "percentile": "0.04256"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-56813\",\"sourceIdentifier\":\"6b3ad84c-e1a6-4bf7-a703-f496b71e49db\",\"published\":\"2026-07-10T13:16:20.663\",\"lastModified\":\"2026-07-10T17:56:00.910\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper Neutralization of Parameter/Argument Delimiters vulnerability in elixir-plug plug allows an attacker to inject or override HTTP cookie attributes.\\n\\nThe Plug.Conn.Cookies.encode/2 function in lib/plug/conn/cookies.ex builds the Set-Cookie response header by interpolating the cookie value and its path, domain, same_site, and extra attributes directly into the header without neutralizing the \u0027;\u0027 delimiter that separates cookie attributes.\\n\\nAn application that places attacker-controlled data into a cookie value or attribute (for example via Plug.Conn.put_resp_cookie/4 when reflecting a username or preference) lets an attacker inject a \u0027;\u0027 to append or override cookie attributes (such as Domain and Path scope, or dropping the Secure and HttpOnly flags), enabling cookie tossing and session fixation. Carriage return, line feed, and null bytes are rejected by Plug.Conn header validation, so HTTP response splitting is not possible, but attribute injection through \u0027;\u0027 is not prevented.\\n\\nThis issue affects plug: from 0.1.0 before 1.16.6, from 1.17.0 before 1.17.4, from 1.18.0 before 1.18.5, from 1.19.0 before 1.19.5, from 1.20.0 before 1.20.3.\"}],\"affected\":[{\"source\":\"6b3ad84c-e1a6-4bf7-a703-f496b71e49db\",\"affectedData\":[{\"vendor\":\"elixir-plug\",\"product\":\"plug\",\"defaultStatus\":\"unaffected\",\"collectionURL\":\"https://repo.hex.pm\",\"packageName\":\"plug\",\"cpes\":[\"cpe:2.3:a:elixir-plug:plug:*:*:*:*:*:*:*:*\"],\"modules\":[\"\u0027Elixir.Plug.Conn.Cookies\u0027\",\"\u0027Elixir.Plug.Conn\u0027\"],\"programFiles\":[\"lib/plug/conn/cookies.ex\"],\"programRoutines\":[{\"name\":\"\u0027Elixir.Plug.Conn.Cookies\u0027:encode/2\"},{\"name\":\"\u0027Elixir.Plug.Conn\u0027:put_resp_cookie/4\"}],\"repo\":\"https://github.com/elixir-plug/plug\",\"packageURL\":\"pkg:hex/plug\",\"versions\":[{\"version\":\"0.1.0\",\"lessThan\":\"1.16.6\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"1.17.0\",\"lessThan\":\"1.17.4\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"1.18.0\",\"lessThan\":\"1.18.5\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"1.19.0\",\"lessThan\":\"1.19.5\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"1.20.0\",\"lessThan\":\"1.20.3\",\"versionType\":\"semver\",\"status\":\"affected\"}]},{\"vendor\":\"elixir-plug\",\"product\":\"plug\",\"defaultStatus\":\"unaffected\",\"collectionURL\":\"https://github.com\",\"packageName\":\"elixir-plug/plug\",\"cpes\":[\"cpe:2.3:a:elixir-plug:plug:*:*:*:*:*:*:*:*\"],\"modules\":[\"\u0027Elixir.Plug.Conn.Cookies\u0027\",\"\u0027Elixir.Plug.Conn\u0027\"],\"programFiles\":[\"lib/plug/conn/cookies.ex\"],\"programRoutines\":[{\"name\":\"\u0027Elixir.Plug.Conn.Cookies\u0027:encode/2\"},{\"name\":\"\u0027Elixir.Plug.Conn\u0027:put_resp_cookie/4\"}],\"repo\":\"https://github.com/elixir-plug/plug\",\"packageURL\":\"pkg:github/elixir-plug/plug\",\"versions\":[{\"version\":\"f26876aa67aaeb38e616638aa3efbcc2fe2906a5\",\"lessThan\":\"*\",\"versionType\":\"git\",\"status\":\"affected\",\"changes\":[{\"at\":\"3f00dfad4e20ba88472e315c90a25742bf178f8e\",\"status\":\"unaffected\"},{\"at\":\"a6d1248659022749869963fd302687165ecf8c8b\",\"status\":\"unaffected\"},{\"at\":\"4167981747fe9ce75f374b94a28861ae950ea992\",\"status\":\"unaffected\"},{\"at\":\"149d9ed68fee0b4f77efd1e835ce5d785856697b\",\"status\":\"unaffected\"},{\"at\":\"eceb8315ce9a31ef784943a95a8624ebd1bc7e06\",\"status\":\"unaffected\"}]}]}]}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"6b3ad84c-e1a6-4bf7-a703-f496b71e49db\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":2.1,\"baseSeverity\":\"LOW\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"LOW\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"LOW\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-07-10T14:43:36.298825Z\",\"id\":\"CVE-2026-56813\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"6b3ad84c-e1a6-4bf7-a703-f496b71e49db\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-141\"}]}],\"references\":[{\"url\":\"https://cna.erlef.org/cves/CVE-2026-56813.html\",\"source\":\"6b3ad84c-e1a6-4bf7-a703-f496b71e49db\"},{\"url\":\"https://github.com/elixir-plug/plug/commit/c6575800b2c4e15af1904df87522ca8a23da020c\",\"source\":\"6b3ad84c-e1a6-4bf7-a703-f496b71e49db\"},{\"url\":\"https://github.com/elixir-plug/plug/security/advisories/GHSA-wpmj-jh88-rpgm\",\"source\":\"6b3ad84c-e1a6-4bf7-a703-f496b71e49db\"},{\"url\":\"https://osv.dev/vulnerability/EEF-CVE-2026-56813\",\"source\":\"6b3ad84c-e1a6-4bf7-a703-f496b71e49db\"}]}}"
  }
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…