CVE-2026-47076

🗓️ 25 May 2026 14:00:46Reported by EEFType

SSRF in hackney enables allowlist bypass via percent-encoded host.

Reporter	Title	Published	Views	Family All 9
ATTACKERKB	CVE-2026-47076	25 May 202614:00	–	attackerkb
CNNVD	Hackney 安全漏洞	25 May 202600:00	–	cnnvd
Cvelist	CVE-2026-47076 SSRF allowlist bypass via percent-encoded host in hackney	25 May 202614:00	–	cvelist
EUVD	EUVD-2026-31689	25 May 202614:00	–	euvd
NVD	CVE-2026-47076	25 May 202615:16	–	nvd
OSV	EEF-CVE-2026-47076 SSRF allowlist bypass via percent-encoded host in hackney	25 May 202614:00	–	osv
Positive Technologies	PT-2026-43072	25 May 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-47076	26 May 202620:14	–	redhatcve
Vulnrichment	CVE-2026-47076 SSRF allowlist bypass via percent-encoded host in hackney	25 May 202614:00	–	vulnrichment

NVD

CNA

Node

benoitc hackneyRange0.13.0–4.0.1

[
  {
    "collectionURL": "https://repo.hex.pm",
    "cpes": [
      "cpe:2.3:a:benoitc:hackney:*:*:*:*:*:*:*:*"
    ],
    "defaultStatus": "unaffected",
    "modules": [
      "hackney_url"
    ],
    "packageName": "hackney",
    "packageURL": "pkg:hex/hackney",
    "product": "hackney",
    "programFiles": [
      "src/hackney_url.erl"
    ],
    "programRoutines": [
      {
        "name": "hackney_url:normalize/2"
      }
    ],
    "repo": "https://github.com/benoitc/hackney",
    "vendor": "benoitc",
    "versions": [
      {
        "lessThan": "4.0.1",
        "status": "affected",
        "version": "0.13.0",
        "versionType": "semver"
      }
    ]
  },
  {
    "collectionURL": "https://github.com",
    "cpes": [
      "cpe:2.3:a:benoitc:hackney:*:*:*:*:*:*:*:*"
    ],
    "defaultStatus": "unaffected",
    "modules": [
      "hackney_url"
    ],
    "packageName": "benoitc/hackney",
    "packageURL": "pkg:github/benoitc/hackney",
    "product": "hackney",
    "programFiles": [
      "src/hackney_url.erl"
    ],
    "programRoutines": [
      {
        "name": "hackney_url:normalize/2"
      }
    ],
    "repo": "https://github.com/benoitc/hackney",
    "vendor": "benoitc",
    "versions": [
      {
        "lessThan": "452620a92ec1da2e6b4862a049a2a4f04b42068f",
        "status": "affected",
        "version": "4d725507588942fd00efca15b86da3273656510a",
        "versionType": "git"
      }
    ]
  }
]

Source	Link
github	www.github.com/benoitc/hackney/security/advisories/GHSA-pj7v-xfvx-wmjq
github	www.github.com/benoitc/hackney/commit/452620a92ec1da2e6b4862a049a2a4f04b42068f
cna	www.cna.erlef.org/cves/CVE-2026-47076.html
osv	www.osv.dev/vulnerability/EEF-CVE-2026-47076

27 May 2026 15:41Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.16.5

CVSS 46.9

EPSS0.00014

SSVC