EEF-CVE-2026-48862 Unbounded conn.streams growth in Mint HTTP/2 client via unenforced PUSH_PROMISE concurrency
Summary Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint Mint allows attacker-controlled HTTP/2 servers to exhaust memory in a Mint client via PUSH\PROMISE flooding. In lib/mint/http2.ex, Mint.HTTP2.decode\push\promise\headers\and\add\response/5 inserts a...