CVE-2026-39806

Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in mtrudel bandit allows unauthenticated remote denial of service via worker process exhaustion. 'Elixir.Bandit.HTTP1.Socket':doreadchunkeddata!/5 in lib/bandit/http1/socket.ex terminates only when the last-chunk line 0\r\n is...

EUVD-2026-29950

Bandit: Unauthenticated one-shot DoS via Transfer-Encoding: chunked...

CVE-2026-39803

Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated remote denial of service via memory exhaustion. The chunked clause of 'Elixir.Bandit.HTTP1.Socket':readdata/2 in lib/bandit/http1/socket.ex ignores the caller-supplied :length option when...

CVE-2026-39806

Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in mtrudel bandit allows unauthenticated remote denial of service via worker process exhaustion. 'Elixir.Bandit.HTTP1.Socket':doreadchunkeddata!/5 in lib/bandit/http1/socket.ex terminates only when the last-chunk line 0\r\n is...

CVE-2026-39803 HTTP/1 chunked body reader ignores length cap in bandit

Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated remote denial of service via memory exhaustion. The chunked clause of 'Elixir.Bandit.HTTP1.Socket':readdata/2 in lib/bandit/http1/socket.ex ignores the caller-supplied :length option when...

PT-2026-40608

Name of the Vulnerable Software and Affected Versions bandit versions 1.6.1 through 1.11.0 Description An infinite loop in the do read chunked data!/5 function within lib/bandit/http1/socket.ex allows unauthenticated remote attackers to cause a denial of service via worker process exhaustion. The...

PT-2026-40607

Name of the Vulnerable Software and Affected Versions bandit versions 1.4.0 through 1.11.0 Description An unauthenticated remote attacker can cause a denial of service via memory exhaustion. The read data/2 function in Elixir.Bandit.HTTP1.Socket ignores the :length option when processing HTTP/1...

CVE-2026-39805

Inconsistent Interpretation of HTTP Requests vulnerability in mtrudel bandit allows HTTP request smuggling via duplicate Content-Length headers. 'Elixir.Bandit.Headers':getcontentlength/1 in lib/bandit/headers.ex uses List.keyfind/3, which returns only the first matching header. When a request...

CVE-2026-39805

CVE-2026-39805 describes an HTTP request smuggling flaw in Elixir Bandit (bandit) due to Bandit.Headers:get_content_length/1 using List.keyfind/3. If a request carries two Content-Length headers with different values, Bandit may read the body using the first value and dispatch the remaining bytes...

EEF-CVE-2026-39805 CL.CL HTTP request smuggling via duplicate Content-Length in bandit

Summary Inconsistent Interpretation of HTTP Requests vulnerability in mtrudel bandit allows HTTP request smuggling via duplicate Content-Length headers. 'Elixir.Bandit.Headers':getcontentlength/1 in lib/bandit/headers.ex uses List.keyfind/3, which returns only the first matching header. When a...

CVE-2026-42788

Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated memory exhaustion via oversized HTTP/2 frames. 'Elixir.Bandit.HTTP2.Frame':deserialize/2 in lib/bandit/http2/frame.ex checks the SETTINGSMAXFRAMESIZE limit only after pattern-matching...

PT-2026-36544

Name of the Vulnerable Software and Affected Versions bandit versions 0.3.6 through 1.10.x Description An issue in the deserialize/2 function within Elixir.Bandit.HTTP2.Frame allows unauthenticated memory exhaustion through oversized HTTP/2 frames. The system checks the SETTINGS MAX FRAME SIZE...