Resource Exhaustion Vulnerability in PhoenixStorybook by Phenixdigital
CVE-2026-8469

8.2 HIGH

Key Information:

Vendor
CVE Published: 20 May 2026

What is CVE-2026-8469?

A resource exhaustion vulnerability in the PhoenixStorybook framework allows unauthenticated users to cause denial of service through unchecked allocation of BEAM atoms. Multiple handlers pass user-supplied event parameters directly to String.to_atom/1 without input validation, which permanently allocates entries in the BEAM atom table. When an attacker supplies unique strings to the affected handlers, the accumulated entries can reach the atom table limit, at which point the BEAM node fails and takes down every application running on it. The vulnerability affects versions from 0.2.0 up to, but not including, 1.1.0.
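The pattern described above, next to two hardened forms, as an added example that is not code from phoenix_storybook or from this advisory. The module name, the "tab" parameter and its allowed values are hypothetical, and the input list is constructed.

```elixir
defmodule AtomSafeParams do
  # Hypothetical module, parameter name ("tab") and values; not phoenix_storybook code.

  # Weak pattern from the advisory: each new unique string becomes a
  # permanent atom-table entry (atoms are never garbage collected).
  def unsafe_tab(%{"tab" => tab}), do: String.to_atom(tab)

  # Hardened form 1: fixed allowlist mapping strings to atom literals,
  # so no runtime string-to-atom conversion happens at all.
  @tabs %{"story" => :story, "source" => :source, "playground" => :playground}

  def safe_tab(%{"tab" => tab}) when is_binary(tab) do
    case Map.fetch(@tabs, tab) do
      {:ok, atom} -> {:ok, atom}
      :error -> {:error, :invalid_tab}
    end
  end

  def safe_tab(_params), do: {:error, :invalid_tab}

  # Hardened form 2: for sets not known at compile time, accept only atoms
  # that already exist; unknown strings raise ArgumentError, handled here.
  def existing_atom(value) when is_binary(value) do
    {:ok, String.to_existing_atom(value)}
  rescue
    ArgumentError -> {:error, :unknown_atom}
  end

  def existing_atom(_value), do: {:error, :unknown_atom}

  # Counts how many atom-table entries a function adds over the given inputs.
  def atom_growth(fun, inputs) do
    before = :erlang.system_info(:atom_count)
    Enum.each(inputs, fun)
    :erlang.system_info(:atom_count) - before
  end
end

# Constructed sample input: 1,000 unique parameter values.
inputs = for i <- 1..1000, do: %{"tab" => "constructed_tab_#{i}"}

IO.inspect(AtomSafeParams.atom_growth(&AtomSafeParams.unsafe_tab/1, inputs), label: "added by String.to_atom/1")
IO.inspect(AtomSafeParams.atom_growth(&AtomSafeParams.safe_tab/1, inputs), label: "added by allowlist")
IO.inspect(AtomSafeParams.existing_atom("constructed_never_seen"), label: "to_existing_atom")
IO.inspect(:erlang.system_info(:atom_limit), label: "atom table limit")
```

Comparing the `:atom_count` growth against `:atom_limit` on a running node is also a practical health check for spotting this class of leak before the table fills.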

Affected Version(s)

phoenix_storybook 0.2.0 < 1.1.0

phoenix_storybook 0228669d55c23a754d1ef11f49a32121129d5395 < 96d524690af0fe197a49f60d18e564a620b9ef81

CVSS V4

Score: 8.2
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Peter Ullrich
Christian Blavier
Jonatan Männchen