Resource Exhaustion Vulnerability in Elixir Mint by Elixir
CVE-2026-58229

8.2HIGH

Key Information:

Status
Vendor
CVE Published:
14 July 2026

What is CVE-2026-58229?

A vulnerability in Elixir Mint allows a remote HTTP server to exhaust memory resources on the client host, potentially causing a denial of service. Due to the design of the Mint.HTTP1.decode_headers/5 and Mint.HTTP1.decode_trailer_headers/4 functions, the headers and trailer fields are accumulated without any limit. This flaw enables attackers to send an unlimited number of headers across TCP segments, ultimately overwhelming the memory until the application is terminated by the operating system's out-of-memory handler. This issue affects all Mint versions from 0.1.0 to below 1.9.2.

Affected Version(s)

mint 0.1.0 < 1.9.2

mint 3e6de4bac4821b0eb4d6109e8b1f3fb6458792c8 < 566d702e6f29105f77522ca7aabb9f64f2f4e333

References

CVSS V4

Score:
8.2
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

zx (Jace)
Andrea Leopardi
Eric Meadows-Jönsson
Jonatan Männchen / EEF
.