CVE-2026-58226

Severity CVSS v4.0:
HIGH
Type:
Unavailable / Other
Publication date:
06/07/2026
Last modified:
06/07/2026

Description

Inefficient Algorithmic Complexity vulnerability in elixir-mint hpax allows unauthenticated denial-of-service via unbounded HPACK integer decoding.<br /> <br /> hpax decodes HPACK variable-length integers with no upper bound on the decoded value or the number of continuation octets. &amp;#39;Elixir.HPAX.Types&amp;#39;:decode_remaining_integer/3 accumulates the integer as int + (value