CVEReports
CVEReports

Automated vulnerability intelligence platform. Comprehensive reports for high-severity CVEs generated by AI.

Product

  • Home
  • Sitemap
  • RSS Feed

Company

  • About
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CVEReports. All rights reserved.

Made with love by Amit Schendel & Alon Barad



CVE-2026-48594

CVE-2026-48594: Decompression Bomb Denial of Service in Elixir Tesla HTTP Client

Amit Schendel
Amit Schendel
Senior Security Researcher

Jul 10, 2026·6 min read·1 visit

Executive Summary (TL;DR)

Unrestricted decompression and recursive codec handling in Tesla's decompression middleware allow remote servers to trigger heap exhaustion and BEAM VM crashes via tiny, highly compressed response payloads.

An improper handling of highly compressed data (decompression bomb) vulnerability exists in the Elixir Tesla HTTP client when utilizing response decompression middlewares. By serving highly compressed responses or stacked content-encoding headers, a malicious server can cause arbitrary heap exhaustion, leading to a denial of service (DoS) crash in the BEAM virtual machine.

Vulnerability Overview

Tesla is an extensible HTTP client library for the Elixir programming language, commonly used to make API calls and process external requests. To simplify content handling, Tesla provides plug-in middlewares such as Tesla.Middleware.DecompressResponse and Tesla.Middleware.Compression to automatically inflate compressed responses. These middlewares analyze headers such as Content-Encoding and transparently decompress payloads encoded via gzip or deflate.

The vulnerability, designated as CVE-2026-48594, resides within the eager and unconstrained nature of this decompression mechanism. When an Elixir application utilizes these middlewares to fetch remote assets, the client exposes a network-facing attack surface. If the destination server is malicious or compromised, it can return carefully designed, highly compressed payloads that cause immediate resource exhaustion.

This security flaw belongs to the class of Improper Handling of Highly Compressed Data, also known as a decompression bomb or a ZIP bomb (CWE-409). The primary impact is a severe Denial of Service (DoS) of the Erlang Runtime System (BEAM) due to uncontrolled heap memory allocation. Because the BEAM VM handles multiple concurrent processes within a shared OS process memory space, a major allocation spike can terminate the entire virtual machine instance.

Root Cause Analysis

The fundamental flaw in Tesla versions prior to 1.18.3 is the absence of an upper bound on decompressed binary sizes combined with the support for recursive decompression of nested encodings. During the execution of the response pipeline, the middleware parses the content-encoding header into an array of codecs. It then iterates recursively over this list, sequentially running decompression passes on the cumulative intermediate output binaries.

The pre-patched implementation of decompress_body/2 utilized one-shot Erlang :zlib API functions, specifically :zlib.gunzip/1 and :zlib.unzip/1. These functions inflate the entirety of the compressed payload directly into process memory without executing incremental checks or streaming chunks. Consequently, there is no opportunity for the calling process to halt decompression if the output exceeds safety thresholds.

By stacking multiple codecs in the header, such as Content-Encoding: gzip, gzip, an attacker forces the middleware into a nested decompression loop. This design flaw converts linear input growth into exponential memory consumption ($O(N^K)$), where $K$ is the number of codec layers. A single 500-byte wire payload can expand to several gigabytes of raw binary data within three iterations, immediately depleting the allocated memory of the active process.

Code-Level Walkthrough

The vulnerability is best understood by contrasting the pre-patch logic in lib/tesla/middleware/compression.ex with the remediation logic introduced in version 1.18.3. In the vulnerable version, recursive passes were performed directly on the binary body with no state tracking of length limits.

# Vulnerable Implementation (Pre-1.18.3)
defp decompress_body([gzip | rest], body) when gzip in ["gzip", "x-gzip"] do
  # One-shot expansion of the entire body without limit checks
  decompress_body(rest, :zlib.gunzip(body))
end
 
defp decompress_body(["deflate" | rest], body) do
  decompress_body(rest, :zlib.unzip(body))
end

The fix commit 340f75b5d191dc747ef7ac6365bd002d1cd55a9d introduces a streaming decompression wrapper around Erlang's :zlib library. It uses :zlib.safeInflate/2 in a recursive loop (drain_inflate/4) to parse chunks. This function tracks cumulative byte lengths and matches them against a user-configured :max_body_size constraint.

# Patched Implementation (1.18.3+)
defp inflate(body, window_bits, max_body_size) do
  z = :zlib.open()
  try do
    :zlib.inflateInit(z, window_bits)
    result = start_inflate(z, body, max_body_size)
    :zlib.inflateEnd(z)
    result
  catch
    :error, :data_error ->
      reraise Error, [reason: {:zlib, :data_error}], __STACKTRACE__
  after
    :zlib.close(z)
  end
end
 
defp start_inflate(z, body, max_body_size) do
  case :zlib.safeInflate(z, body) do
    {:finished, output} ->
      size = IO.iodata_length(output)
      ensure_within_limit!(size, max_body_size)
      IO.iodata_to_binary(output)
    {:continue, output} ->
      size = IO.iodata_length(output)
      ensure_within_limit!(size, max_body_size)
      drain_inflate(z, max_body_size, size, [output])
  end
end

Additionally, the patch implements strict verification of the parsed Content-Encoding headers. It limits the total number of recognized codecs to a maximum of one. If count_known_codecs(codecs) returns a value greater than 1, the pipeline raises a :multiple_codecs error and terminates, blocking stacked decompression attacks entirely.

Exploitation and Attack Methodology

An attacker can weaponize this vulnerability against any Elixir application that issues HTTP client requests to external, user-controlled targets. Typical scenarios include applications implementing SSRF-susceptible features such as webhook deliveries, link preview generation, scrape requests, or proxying mechanisms. The prerequisite is that the active Tesla pipeline must include the Tesla.Middleware.DecompressResponse or Tesla.Middleware.Compression plugs.

The attack flow is represented in the diagram below:

To construct the payload, the attacker compiles a file consisting of repeating byte sequences, such as a large block of null bytes (0x00). This file is compressed with aggressive options to achieve maximum density. The attacker then wraps this compressed file in a second layer of gzip compression, producing a tiny, nested decompression payload (e.g., 500 bytes on disk, expanding to several gigabytes).

The malicious server is configured to deliver this payload alongside a custom Content-Encoding: gzip, gzip header. When the Elixir client initiates the connection and receives the headers, the decompression middleware parses the stacked values. As the middleware executes consecutive passes of :zlib.gunzip/1 on the BEAM heap, the process consumes all available physical memory, forcing the operating system to invoke the Out-Of-Memory (OOM) killer to terminate the Elixir application.

Impact Assessment

The impact of exploiting CVE-2026-48594 is categorized as a High Availability compromise. While the vulnerability does not directly permit Remote Code Execution (RCE) or Information Disclosure, the resulting Denial of Service is highly disruptive. Because the BEAM VM executes multi-tenant workflows or distributed node architectures within a single OS-level process, an OOM crash of the primary VM shuts down all sibling services and concurrent processes.

The CVSS v4.0 score of 8.2 reflects a high availability impact coupled with a low attack complexity. Because no authentication or user interaction is required, an automated script can systematically trigger the crash by registering malicious webhooks or entering hostile URLs. This predictability makes the bug an appealing target for malicious actors seeking to disrupt critical infrastructure.

Furthermore, if the application is deployed within an auto-scaling container environment, such as Kubernetes, recurring crashes can lead to a CrashLoopBackOff state. The repeated cycle of containers crashing, restarting, fetching the same payload, and crashing again can cascade upstream. This pattern drains container orchestration resources and incurs massive infrastructure expenses.

Remediation and Mitigation Guidance

Remediation of this vulnerability requires upgrading the tesla library to version 1.18.3 or higher. This update introduces the necessary runtime protections and deprecates unsafe one-shot decompression behaviors. During the build phase, developers must ensure that the outdated versions are removed from the lockfile.

# Safe Configuration Example
defmodule SecureClient do
  use Tesla
 
  # Configured with a strict maximum decompressed body size
  plug Tesla.Middleware.DecompressResponse, max_body_size: 10_485_760 # 10 MB limit
end

If upgrading immediately is not feasible, several defensive workarounds can be implemented. Developers can remove the DecompressResponse or Compression middlewares from active client pipelines and handle decompression manually with size-constrained stream decoders. Alternatively, network-level ingress firewalls can be configured to block or normalize HTTP response headers containing multiple Content-Encoding declarations.

Official Patches

elixir-teslaGHSA-mc85-72gr-vm9f: Decompression Bomb DoS Vulnerability in Elixir Tesla HTTP Client
elixir-teslaFix decompression vulnerability in Compression and DecompressResponse middlewares

Fix Analysis (1)

Technical Appendix

CVSS Score
8.2/ 10
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS Probability
0.33%
Top 75% most exploited

Affected Systems

Elixir Applications deploying Tesla client pipelines with DecompressResponse or Compression middleware active.

Affected Versions Detail

Product
Affected Versions
Fixed Version
tesla
elixir-tesla
>= 0.6.0, < 1.18.31.18.3
AttributeDetail
CWE IDCWE-409
Attack VectorNetwork
CVSS Score8.2 (High)
EPSS Score0.00329 (Percentile: 24.87%)
ImpactDenial of Service (OOM Crash)
Exploit StatusTheoretical / Patch Analysis
KEV StatusNot Listed

MITRE ATT&CK Mapping

T1499.004Endpoint Denial of Service: System Resource Exhaustion
Impact
T1190Exploit Public-Facing Application
Initial Access
CWE-409
Improper Handling of Highly Compressed Data (Data Amplification)

The product does not sufficiently limit the size or quantity of output data when decompressing highly compressed input data.

Vulnerability Timeline

Vulnerability published and patch commit 340f75b5d191dc747ef7ac6365bd002d1cd55a9d merged.
2026-06-02
Tesla version 1.18.3 released on Hex.
2026-06-02
NVD database record updated with official references.
2026-06-17

References & Sources

  • [1]GitHub Advisory GHSA-mc85-72gr-vm9f
  • [2]Official Fix Commit
  • [3]CVE-2026-48594 Record
  • [4]NVD CVE-2026-48594 Details
  • [5]EEF/CNA Advisory Portal
  • [6]OSV Entry for EEF-CVE-2026-48594

Attack Flow Diagram

Press enter or space to select a node. You can then use the arrow keys to move the node around. Press delete to remove it and escape to cancel.
Press enter or space to select an edge. You can then press delete to remove it or escape to cancel.

More Reports

•14 minutes ago•CVE-2026-48596
2.1

CVE-2026-48596: Improper Neutralization of CRLF Sequences in Elixir Tesla Multipart HTTP Client

CVE-2026-48596 is an Improper Neutralization of CRLF Sequences in HTTP Headers (HTTP Request/Response Splitting, CWE-113) in the Elixir Tesla HTTP client. The flaw resides in how multipart content-type parameters are joined and serialized, enabling attackers to inject arbitrary headers or split HTTP requests when applications pass untrusted inputs to the parameters of multipart uploads.

Alon Barad
Alon Barad
1 views•6 min read
•about 1 hour ago•CVE-2026-48595
8.2

CVE-2026-48595: Cross-Origin Credential Leakage in Elixir Tesla Client via Case-Sensitive Redirect Filter Bypass

A high-severity security vulnerability in Elixir's Tesla HTTP client library (CVE-2026-48595) allows unauthenticated remote attackers to harvest sensitive credentials, including Authorization headers and cookies. The flaw resides in the 'Tesla.Middleware.FollowRedirects' component, which performs case-sensitive lookups when stripping credentials during cross-origin redirects. Because HTTP headers are case-insensitive by RFC specifications, standard canonical casing (e.g., 'Authorization') bypasses the lowercase-only blocklist, leaking tokens to untrusted external redirect destinations.

Alon Barad
Alon Barad
3 views•5 min read
•about 2 hours ago•CVE-2026-48597
8.2

CVE-2026-48597: Denial of Service via Atom Table Exhaustion in Elixir Tesla Client (Mint Adapter)

CVE-2026-48597 is a high-severity Denial of Service (DoS) vulnerability in the Elixir HTTP client library Tesla (specifically involving the Mint adapter) that allows an unauthenticated remote attacker to cause an unrecoverable crash of the Erlang Virtual Machine (BEAM). The flaw arises from the dynamic conversion of untrusted URL schemes into Erlang atoms without validation, leading to global atom table exhaustion.

Alon Barad
Alon Barad
3 views•8 min read
•about 2 hours ago•CVE-2026-48598
2.1

CVE-2026-48598: Multipart Part Header Injection and Request Smuggling in elixir-tesla

An Improper Encoding or Escaping of Output vulnerability (CWE-116) in elixir-tesla allowed unauthenticated remote code execution or request smuggling via unescaped Content-Disposition parameters in multipart form-data requests.

Amit Schendel
Amit Schendel
5 views•5 min read
•about 3 hours ago•CVE-2026-49851
7.5

CVE-2026-49851: Algorithmic Complexity Denial of Service in Mistune Markdown Parser

CVE-2026-49851 is a high-severity algorithmic complexity vulnerability in the Mistune Markdown parser. Under specific conditions involving dense, unmatched nesting of opening square brackets, the parser fallback loops degrade from linear execution time to a worst-case quadratic complexity. This allows unauthenticated remote attackers to trigger complete CPU exhaustion and subsequent Denial of Service with a highly compact payload.

Alon Barad
Alon Barad
8 views•6 min read
•about 3 hours ago•CVE-2026-48862
8.2

CVE-2026-48862: Unbounded Resource Allocation via HTTP/2 PUSH_PROMISE Flooding in Mint

An allocation of resources without limits or throttling vulnerability in the Elixir Mint HTTP client library allows malicious HTTP/2 servers to trigger memory exhaustion and application denial of service. The flaw exists because Mint fails to validate server-push concurrency limits during the receipt of PUSH_PROMISE frames, deferring validation to the HEADERS phase. This allows a server to reserve an unlimited number of streams in the client's memory map.

Amit Schendel
Amit Schendel
6 views•7 min read