Lucene search
K

4 matches found

CVE
CVE
added 2026/05/25 2:0 p.m.130 views

CVE-2026-47076

CVE-2026-47076 affects the hackney HTTP client (from 0.13.0 up to, but not including, 4.0.1). The issue1 arises because hackney_url:normalize/2 decodes the host after parsing, while OTP’s uri_string:parse/1 and inet:parse_address/1 do not decode percent-escapes, allowing a crafted URL such as htt...

6.9CVSS5.8AI score0.00201EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/25 2:0 p.m.11 views

CVE-2026-47076 SSRF allowlist bypass via percent-encoded host in hackney

Interpretation Conflict vulnerability in benoitc hackney allows Server Side Request Forgery. hackneyurl:normalize/2 URL-decodes the host component after the URL has been parsed into a hackneyurl record. OTP's uristring:parse/1 and inet:parseaddress/1 do not decode percent-escapes in the host, so ...

6.9CVSS5.8AI score0.00201EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/05/25 2:0 p.m.35 views

CVE-2026-47076 SSRF allowlist bypass via percent-encoded host in hackney

Interpretation Conflict vulnerability in benoitc hackney allows Server Side Request Forgery. hackneyurl:normalize/2 URL-decodes the host component after the URL has been parsed into a hackneyurl record. OTP's uristring:parse/1 and inet:parseaddress/1 do not decode percent-escapes in the host, so ...

6.9CVSS0.00201EPSS
Exploits1References4
OSV
OSV
added 2026/05/25 2:0 p.m.10 views

EEF-CVE-2026-47076 SSRF allowlist bypass via percent-encoded host in hackney

Summary Interpretation Conflict vulnerability in benoitc hackney allows Server Side Request Forgery. hackneyurl:normalize/2 URL-decodes the host component after the URL has been parsed into a hackneyurl record. OTP's uristring:parse/1 and inet:parseaddress/1 do not decode percent-escapes in the...

6.9CVSS5.8AI score0.00201EPSS
Exploits1References4
Rows per page
Query Builder