CVE-2026-54892 Plug: quadratic-time decoding of nested query/body parameters enables denial of service

🗓️ 23 Jun 2026 12:31:12Reported by EEFType

Plug nested parameter decoding enables unauthenticated DoS via quadratic-time parsing of nested parameters.

Reporter	Title	Published	Views	Family All 6
ATTACKERKB	CVE-2026-54892	23 Jun 202612:31	–	attackerkb
CVE	CVE-2026-54892	23 Jun 202612:31	–	cve
EUVD	EUVD-2026-38446	23 Jun 202612:31	–	euvd
NVD	CVE-2026-54892	23 Jun 202613:16	–	nvd
Positive Technologies	PT-2026-51499	23 Jun 202600:00	–	ptsecurity
Vulnrichment	CVE-2026-54892 Plug: quadratic-time decoding of nested query/body parameters enables denial of service	23 Jun 202612:31	–	vulnrichment

[
  {
    "collectionURL": "https://repo.hex.pm",
    "cpes": [
      "cpe:2.3:a:elixir-plug:plug:*:*:*:*:*:*:*:*"
    ],
    "defaultStatus": "unaffected",
    "modules": [
      "'Elixir.Plug.Conn.Query'"
    ],
    "packageName": "plug",
    "packageURL": "pkg:hex/plug",
    "product": "plug",
    "programFiles": [
      "lib/plug/conn/query.ex"
    ],
    "programRoutines": [
      {
        "name": "'Elixir.Plug.Conn.Query':decode/4"
      },
      {
        "name": "'Elixir.Plug.Conn.Query':decode_each/2"
      },
      {
        "name": "'Elixir.Plug.Conn.Query':split_keys/6"
      },
      {
        "name": "'Elixir.Plug.Conn.Query':insert_keys/3"
      },
      {
        "name": "'Elixir.Plug.Conn.Query':finalize_pointer/2"
      }
    ],
    "repo": "https://github.com/elixir-plug/plug",
    "vendor": "elixir-plug",
    "versions": [
      {
        "lessThan": "1.15.5",
        "status": "affected",
        "version": "1.15.0",
        "versionType": "semver"
      },
      {
        "lessThan": "1.16.4",
        "status": "affected",
        "version": "1.16.0",
        "versionType": "semver"
      },
      {
        "lessThan": "1.17.2",
        "status": "affected",
        "version": "1.17.0",
        "versionType": "semver"
      },
      {
        "lessThan": "1.18.3",
        "status": "affected",
        "version": "1.18.0",
        "versionType": "semver"
      },
      {
        "lessThan": "1.19.3",
        "status": "affected",
        "version": "1.19.0",
        "versionType": "semver"
      }
    ]
  },
  {
    "collectionURL": "https://github.com",
    "cpes": [
      "cpe:2.3:a:elixir-plug:plug:*:*:*:*:*:*:*:*"
    ],
    "defaultStatus": "unaffected",
    "modules": [
      "'Elixir.Plug.Conn.Query'"
    ],
    "packageName": "elixir-plug/plug",
    "packageURL": "pkg:github/elixir-plug/plug",
    "product": "plug",
    "programFiles": [
      "lib/plug/conn/query.ex"
    ],
    "programRoutines": [
      {
        "name": "'Elixir.Plug.Conn.Query':decode/4"
      },
      {
        "name": "'Elixir.Plug.Conn.Query':decode_each/2"
      },
      {
        "name": "'Elixir.Plug.Conn.Query':split_keys/6"
      },
      {
        "name": "'Elixir.Plug.Conn.Query':insert_keys/3"
      },
      {
        "name": "'Elixir.Plug.Conn.Query':finalize_pointer/2"
      }
    ],
    "repo": "https://github.com/elixir-plug/plug",
    "vendor": "elixir-plug",
    "versions": [
      {
        "changes": [
          {
            "at": "c317d08fdcf96e17931f7419275b2b8c4bf3e951",
            "status": "unaffected"
          },
          {
            "at": "9c5d37c440eaae92869eed7c014c47266744fadb",
            "status": "unaffected"
          },
          {
            "at": "d737eb236f17e31a36290e39f9ef3cd86a1343bd",
            "status": "unaffected"
          },
          {
            "at": "d4e5568392a4b29e545b91e12e87d6098f976145",
            "status": "unaffected"
          },
          {
            "at": "a61124aa625d819a218fb07f90afbac8aa85eb0e",
            "status": "unaffected"
          }
        ],
        "lessThan": "*",
        "status": "affected",
        "version": "712b875d3442c765d8d37e546ffd5ad9f8afcc55",
        "versionType": "git"
      }
    ]
  }
]

Source	Link
github	www.github.com/elixir-plug/plug/commit/d737eb236f17e31a36290e39f9ef3cd86a1343bd
cna	www.cna.erlef.org/cves/CVE-2026-54892.html
github	www.github.com/elixir-plug/plug/commit/a61124aa625d819a218fb07f90afbac8aa85eb0e
github	www.github.com/elixir-plug/plug/security/advisories/GHSA-j43x-5hjq-rgxf
github	www.github.com/elixir-plug/plug/commit/9c5d37c440eaae92869eed7c014c47266744fadb
github	www.github.com/elixir-plug/plug/commit/d4e5568392a4b29e545b91e12e87d6098f976145
osv	www.osv.dev/vulnerability/EEF-CVE-2026-54892
github	www.github.com/elixir-plug/plug/commit/c317d08fdcf96e17931f7419275b2b8c4bf3e951

23 Jun 2026 12:31Current

CVSS 48.7

CWE-407