Denial-of-Service Vulnerability in MDEx by Leandrocp
CVE-2026-53426

8.2 HIGH

Key Information:

Vendor: Leandrocp

Status
Vendor
CVE Published: 29 June 2026

What is CVE-2026-53426?

The MDEx library by Leandrocp is vulnerable to excessive atom allocation when processing JSON documents. The issue occurs in the MDEx.parse_document function when it handles attacker-controlled input, specifically node_type values. Each unique value creates a new atom that remains in memory, which can exhaust the atom table of the Erlang VM. A crafted JSON document with numerous distinct node_type values can crash the entire VM, resulting in denial of service for applications relying on this library. Developers should ensure that untrusted input is validated and controlled to mitigate this risk.
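
One way to validate untrusted input before it reaches the library, as an added example (not MDEx's own code or its fix): it walks already-decoded JSON and rejects any node_type value that is not on a fixed allowlist of strings, so no attacker-chosen string is ever turned into an atom. The module name, the allowlist entries and the "nodes" and "literal" keys in the sample are constructed assumptions.

```elixir
defmodule NodeTypeGuard do
  @moduledoc """
  Added example (hypothetical module, not part of MDEx): checks decoded JSON
  so that only known "node_type" strings are accepted.
  """

  # Assumption: constructed sample names. Use the node types your application
  # actually expects; anything else is rejected as a plain string.
  @allowed ~w(document paragraph heading text)

  @doc "Returns :ok or {:error, {:unexpected_node_type, value}} for the first bad value."
  def validate(%{} = map) do
    with :ok <- check_type(map), do: validate_all(Map.values(map))
  end

  def validate(list) when is_list(list), do: validate_all(list)
  def validate(_scalar), do: :ok

  # Membership is tested on binaries, so no atom is created for unknown values.
  defp check_type(%{"node_type" => type}) when type in @allowed, do: :ok
  defp check_type(%{"node_type" => type}), do: {:error, {:unexpected_node_type, type}}
  defp check_type(_no_type_key), do: :ok

  # Stop at the first invalid node instead of walking the whole document.
  defp validate_all(items) do
    Enum.reduce_while(items, :ok, fn item, :ok ->
      case validate(item) do
        :ok -> {:cont, :ok}
        error -> {:halt, error}
      end
    end)
  end
end

# Constructed sample input, shaped as a JSON decoder would return it.
good = %{"node_type" => "document", "nodes" => [%{"node_type" => "text", "literal" => "hi"}]}
bad = %{"node_type" => "document", "nodes" => [%{"node_type" => "x_0001"}]}

IO.inspect(NodeTypeGuard.validate(good), label: "good")
IO.inspect(NodeTypeGuard.validate(bad), label: "bad")
```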

Affected Version(s)

mdex 0.4.3 < 0.13.2

mdex cbb59a3f792dbc343873adec3466f49c853dc309 < 00fddf444220a1f1cc0af0a1cab6738804878387

CVSS V4

Score: 8.2
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: High
Attack Vector: Local
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Peter Ullrich
Leandro Pereira
Jonatan Männchen / EEF