CVE-2026-56810
mint buffers an entire chunked response chunk in memory in Mint.HTTP1.decode_body/5
Description
Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint mint (Mint.HTTP1 module) allows a denial of service via an oversized chunked transfer-encoded response. This vulnerability is associated with program files lib/mint/http1.ex and program routines 'Elixir.Mint.HTTP1':decode_body/5, 'Elixir.Mint.HTTP1':add_body_to_buffer/2. When Mint decodes a chunked HTTP response body, it accumulates each partial fragment of the current chunk in the connection's data_buffer (an unbounded iolist) via add_body_to_buffer/2 and does not emit the data to the caller until the full declared chunk length has been received. The chunk size is taken directly from the server and parsed with no upper bound, so a malicious or compromised server can announce one enormous chunk (for example a size line of 7FFFFFFF, about 2 GiB) and then send the body bytes slowly without ever completing the chunk. The client buffers every received byte while it waits for a completion that never arrives, and because no data responses are produced until the chunk finishes, a caller that otherwise streams large content-length bodies safely gains no protection. An unauthenticated remote server (reachable whenever a client follows redirects, fetches user-supplied URLs, or processes webhooks) can drive the client's memory arbitrarily high and trigger an out-of-memory condition. This issue affects mint: from 0.5.0 before 1.9.1.
INFO
Published Date :
July 6, 2026, 11:16 a.m.
Last Modified :
July 6, 2026, 11:16 a.m.
Remotely Exploit :
Yes !
Source :
6b3ad84c-e1a6-4bf7-a703-f496b71e49db
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| CVSS 4.0 | HIGH | 6b3ad84c-e1a6-4bf7-a703-f496b71e49db | ||||
| CVSS 4.0 | HIGH | 6b3ad84c-e1a6-4bf7-a703-f496b71e49db |
Solution
- Update the mint library to version 1.9.1 or newer.
- Apply input validation for chunk sizes.
- Implement resource limits for data buffering.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2026-56810.
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2026-56810 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2026-56810
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2026-56810 vulnerability anywhere in the article.
The following table lists the changes that have been made to the
CVE-2026-56810 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
New CVE Received by 6b3ad84c-e1a6-4bf7-a703-f496b71e49db
Jul. 06, 2026
Action Type Old Value New Value Added Affected [{'cpes': ['cpe:2.3:a:elixir-mint:mint:*:*:*:*:*:*:*:*'], 'repo': 'https://github.com/elixir-mint/mint', 'vendor': 'elixir-mint', 'modules': ["'Elixir.Mint.HTTP1'"], 'product': 'mint', 'versions': [{'status': 'affected', 'version': '0.5.0', 'lessThan': '1.9.1', 'versionType': 'semver'}], 'packageURL': 'pkg:hex/mint', 'packageName': 'mint', 'programFiles': ['lib/mint/http1.ex'], 'collectionURL': 'https://repo.hex.pm', 'defaultStatus': 'unaffected', 'programRoutines': [{'name': "'Elixir.Mint.HTTP1':decode_body/5"}, {'name': "'Elixir.Mint.HTTP1':add_body_to_buffer/2"}]}, {'cpes': ['cpe:2.3:a:elixir-mint:mint:*:*:*:*:*:*:*:*'], 'repo': 'https://github.com/elixir-mint/mint', 'vendor': 'elixir-mint', 'modules': ["'Elixir.Mint.HTTP1'"], 'product': 'mint', 'versions': [{'status': 'affected', 'version': 'c575d819d39ebf7e9b77ec24584a5ffbb11c844e', 'lessThan': '193ce714907d16e8adc4ab3c40e4f0c2f045b2a6', 'versionType': 'git'}], 'packageURL': 'pkg:github/elixir-mint/mint', 'packageName': 'elixir-mint/mint', 'programFiles': ['lib/mint/http1.ex'], 'collectionURL': 'https://github.com', 'defaultStatus': 'unaffected', 'programRoutines': [{'name': "'Elixir.Mint.HTTP1':decode_body/5"}, {'name': "'Elixir.Mint.HTTP1':add_body_to_buffer/2"}]}] Added Description Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint mint (Mint.HTTP1 module) allows a denial of service via an oversized chunked transfer-encoded response. This vulnerability is associated with program files lib/mint/http1.ex and program routines 'Elixir.Mint.HTTP1':decode_body/5, 'Elixir.Mint.HTTP1':add_body_to_buffer/2. When Mint decodes a chunked HTTP response body, it accumulates each partial fragment of the current chunk in the connection's data_buffer (an unbounded iolist) via add_body_to_buffer/2 and does not emit the data to the caller until the full declared chunk length has been received. The chunk size is taken directly from the server and parsed with no upper bound, so a malicious or compromised server can announce one enormous chunk (for example a size line of 7FFFFFFF, about 2 GiB) and then send the body bytes slowly without ever completing the chunk. The client buffers every received byte while it waits for a completion that never arrives, and because no data responses are produced until the chunk finishes, a caller that otherwise streams large content-length bodies safely gains no protection. An unauthenticated remote server (reachable whenever a client follows redirects, fetches user-supplied URLs, or processes webhooks) can drive the client's memory arbitrarily high and trigger an out-of-memory condition. This issue affects mint: from 0.5.0 before 1.9.1. Added CVSS V4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Added CWE CWE-770 Added Reference https://cna.erlef.org/cves/CVE-2026-56810.html Added Reference https://github.com/elixir-mint/mint/commit/193ce714907d16e8adc4ab3c40e4f0c2f045b2a6 Added Reference https://github.com/elixir-mint/mint/security/advisories/GHSA-c59h-fq4p-r36r Added Reference https://osv.dev/vulnerability/EEF-CVE-2026-56810