Authorization Bypass in Phenix Digital's Phoenix Storybook
CVE-2026-47068

2.3LOW

Key Information:

Vendor: Phenixdigital
Status: Phoenix Storybook
Vendor: CVE Published:; 20 May 2026

🔔 Create Phenixdigital Vulnerability Alert

What is CVE-2026-47068?

The vulnerability in Phenix Digital's Phoenix Storybook allows attackers to exploit an authorization bypass through user-controlled parameters, enabling cross-session PubSub topic injections. When an attacker crafts a URL with a specific topic, the affected 'handle_params' function captures it without verifying ownership, resulting in messages sent to this unauthorized topic. As a consequence, the attacker can intercept and manipulate communications intended for legitimate users, posing significant security risks.

Affected Version(s)

phoenix_storybook 0.4.0 < 1.1.0

phoenix_storybook 8c2c97b0f505780fee4069988bf86736f51d35d7 < 6ee03f1c738d4436dde1b066cf65c80663d489f5

References

https://github.com/phenixdigital/phoenix_storybook/securi...

vendor-advisoryrelated

https://cna.erlef.org/cves/CVE-2026-47068.html

https://osv.dev/vulnerability/EEF-CVE-2026-47068

CVSS V4

Score:

2.3

Severity:

LOW

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 20, 2026
Vulnerability Reserved
May 18, 2026

Credit

Peter Ullrich

Christian Blavier

Jonatan Männchen

CVE-2026-47068 Data

JSON