Resource Exhaustion Vulnerability in Mint by Elixir
CVE-2026-59246
6.3MEDIUM
What is CVE-2026-59246?
The Mint library in Elixir experiences a resource exhaustion vulnerability due to improper handling of HTTP/2 CONTINUATION frames. Attackers can exploit this flaw by sending an unbounded sequence of zero-length CONTINUATION frames, which accumulate in an ever-deepening nesting. This results in a gradual increase of memory consumption on the client side, ultimately leading to memory exhaustion and denial of service. The vulnerability is significant due to its potential for disruption when interacting with malicious HTTP/2 servers or through various network attack methods.
Affected Version(s)
mint 0.1.0 < 1.9.2
mint 596ca4304504be68939c4929e0831557097962b8 < 5779de1666344b32aefc4354184ea07f902f73ce
References
CVSS V4
Score:
6.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
zx (Jace)
Andrea Leopardi
Eric Meadows-Jönsson
Jonatan Männchen / EEF
