Jul 10, 2026·5 min read·2 visits
Case-sensitive header filtering in Tesla's FollowRedirects middleware fails to strip credentials like 'Authorization' during cross-origin redirects if they contain uppercase characters, leading to token leakage to untrusted hosts.
A high-severity security vulnerability in Elixir's Tesla HTTP client library (CVE-2026-48595) allows unauthenticated remote attackers to harvest sensitive credentials, including Authorization headers and cookies. The flaw resides in the 'Tesla.Middleware.FollowRedirects' component, which performs case-sensitive lookups when stripping credentials during cross-origin redirects. Because HTTP headers are case-insensitive by RFC specifications, standard canonical casing (e.g., 'Authorization') bypasses the lowercase-only blocklist, leaking tokens to untrusted external redirect destinations.
The Elixir HTTP client library Tesla provides an extensible system of pluggable middleware to intercept and modify outgoing requests and incoming responses. Among these, the 'Tesla.Middleware.FollowRedirects' middleware is widely deployed to automate the handling of HTTP redirect status codes. To ensure standard secure transport practices, this middleware is engineered to strip sensitive authorization materials and routing metadata when transitioning from an authorized source to an external, cross-origin host.
However, a design oversight in version 1.4.0 through 1.18.2 exposed users to credential exposure risks. The validation routine implemented to drop sensitive headers relied on strict case-sensitive comparisons against a hardcoded lowercase blocklist. Because Elixir preservation rules keep the casing of headers as defined by callers, common canonical headers bypassed this sanitation step completely.
This vulnerability is classified under CWE-178 (Improper Handling of Case Sensitivity). If an application communicates with services that support user-supplied URLs or suffer from open redirect flaws, an attacker can manipulate the destination target to capture the intact authentication headers.
To understand the core flaw, it is necessary to examine how Elixir's Tesla maps HTTP state. Inside the %Tesla.Env{} structure, HTTP headers are represented as an ordered list of two-element tuples, where each tuple contains a header key and its associated value. To guarantee compatibility with lower-level adapters, Tesla retains the precise capitalization provided during request initialization.
According to HTTP RFC 9110, header field names must be treated as case-insensitive. However, the pre-patch middleware implementation assessed filter eligibility using standard Elixir list membership semantics. Specifically, the line k not in @filter_headers executed a direct equality evaluation against the lowercase-only list ["authorization", "host"].
Because the string comparison did not normalize the character case of the runtime headers, any keys possessing capital letters failed the lookup block. The comparison "Authorization" not in ["authorization", "host"] returned true, meaning the header was kept instead of being filtered out. Consequently, the client library successfully transmitted the intact header to the subsequent redirect target.
The vulnerable version of the library defined a static module attribute @filter_headers and processed keys through a basic filter operation. The block below showcases the original, inadequate validation loop:
# PRE-PATCH VULNERABLE LOGIC
@filter_headers ["authorization", "host"]
defp filter_headers(env, prev, next) do
if next.host != prev.host || next.port != prev.port || next.scheme != prev.scheme do
%{env | headers: Enum.filter(env.headers, fn {k, _} -> k not in @filter_headers end)}
else
env
end
endThe patched code introduces a robust, RFC-compliant architecture. By converting input keys to lowercase during evaluation, the application establishes case-insensitivity regardless of how callers capitalized the key names:
# PATCHED LOGIC - COMMIT db963dba67651b9abd1fc420a1d9679cf6efe182
@always_strip ~w(
connection keep-alive proxy-connection te trailer transfer-encoding upgrade
if-match if-modified-since if-none-match if-range if-unmodified-since
)
@cross_origin_strip ~w(
authorization cookie host origin proxy-authorization referer
)
defp filter_headers(env, prev, next, status) do
drop =
@always_strip
|> add_if(cross_origin?(prev, next), @cross_origin_strip)
|> add_if(method_changes?(status), @method_change_strip)
%{env | headers: Enum.reject(env.headers, &dropped?(&1, drop))}
end
defp dropped?({key, _value}, drop), do: String.downcase(key) in dropThe helper function dropped?/2 uses String.downcase(key) before executing the membership check. Furthermore, the expansion of the filter blocklist ensures conformity with RFC 9110 §15.4 directives, preventing secondary exposures of caching validators and hop-by-hop credentials.
Exploiting this vulnerability relies on an attacker's ability to trigger or manipulate a cross-origin redirect sequence. This pattern is common in applications processing webhooks, interacting with federated APIs, or handling user-influenced file URLs. The following diagram illustrates the sequence of the attack flow:
In a real-world vector, the Elixir client initiates an API request with canonical credentials, such as [{"Authorization", "Bearer token_xyz"}]. The target endpoint issues an HTTP 302 redirect pointing to http://attacker-controlled.com/. Because the domain differs, the middleware attempts to filter the headers but fails due to the uppercase 'A'.
The subsequent request to the attacker's server contains the original header, allowing the attacker to capture the credential. A proof-of-concept repository demonstrating this flow and detailing verification scaffolding is accessible at https://github.com/jenniferreire26/CVE-2026-48595.
The vulnerability carries a CVSS 4.0 base score of 8.2, reflecting high confidentiality impact. A successful exploitation allows external adversaries to intercept active session tokens, OAuth bearer strings, and cookie values.
With these credentials, the adversary can impersonate the affected service, elevate privileges, or compromise secondary APIs. The attack requires no prior authentication and can be completed entirely over the network.
While the probability of exploitation remains moderate depending on the design of internal API architectures, the risk is elevated for applications interacting with dynamic third-party resources. Given that most developer toolkits automatically generate capital-cased headers, the vast majority of deployments remain susceptible prior to applying updates.
Upgrading the tesla dependency to version 1.18.3 resolves this vulnerability permanently. This release incorporates the downcased header logic and expands the RFC blocklists to prevent credential leakages. Security teams should enforce this dependency constraint inside their Elixir projects.
If updating the library is temporarily blocked, developers can implement a custom pipeline plug to normalize all header keys to lowercase. By converting keys prior to hitting the FollowRedirects middleware, the case-sensitive filter routine evaluates the headers correctly:
defmodule MyApplication.HeaderSanitizer do
def normalize_headers(env, next) do
normalized = Enum.map(env.headers, fn {k, v} -> {String.downcase(k), v} end)
%{env | headers: normalized} |> Tesla.run(next)
end
endAdditionally, developers can manually define authorization parameters using strictly lowercase keys in their HTTP client calls. Doing so aligns the inputs with the legacy blocklist logic, enabling safe sanitization on redirection.
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N| Product | Affected Versions | Fixed Version |
|---|---|---|
tesla elixir-tesla | >= 1.4.0, < 1.18.3 | 1.18.3 |
| Attribute | Detail |
|---|---|
| CWE ID | CWE-178 |
| Attack Vector | Network (Remote) |
| CVSS v4 Score | 8.2 (High) |
| EPSS Score | 0.00396 (0.40%) |
| Exploit Status | Proof of Concept (PoC) Publicly Available |
| CISA KEV Status | Not Listed |
The software does not account for case sensitivity variations when parsing, matching, or validating inputs, which can allow attackers to bypass security filters.
CVE-2026-48596 is an Improper Neutralization of CRLF Sequences in HTTP Headers (HTTP Request/Response Splitting, CWE-113) in the Elixir Tesla HTTP client. The flaw resides in how multipart content-type parameters are joined and serialized, enabling attackers to inject arbitrary headers or split HTTP requests when applications pass untrusted inputs to the parameters of multipart uploads.
An improper handling of highly compressed data (decompression bomb) vulnerability exists in the Elixir Tesla HTTP client when utilizing response decompression middlewares. By serving highly compressed responses or stacked content-encoding headers, a malicious server can cause arbitrary heap exhaustion, leading to a denial of service (DoS) crash in the BEAM virtual machine.
CVE-2026-48597 is a high-severity Denial of Service (DoS) vulnerability in the Elixir HTTP client library Tesla (specifically involving the Mint adapter) that allows an unauthenticated remote attacker to cause an unrecoverable crash of the Erlang Virtual Machine (BEAM). The flaw arises from the dynamic conversion of untrusted URL schemes into Erlang atoms without validation, leading to global atom table exhaustion.
An Improper Encoding or Escaping of Output vulnerability (CWE-116) in elixir-tesla allowed unauthenticated remote code execution or request smuggling via unescaped Content-Disposition parameters in multipart form-data requests.
CVE-2026-49851 is a high-severity algorithmic complexity vulnerability in the Mistune Markdown parser. Under specific conditions involving dense, unmatched nesting of opening square brackets, the parser fallback loops degrade from linear execution time to a worst-case quadratic complexity. This allows unauthenticated remote attackers to trigger complete CPU exhaustion and subsequent Denial of Service with a highly compact payload.
An allocation of resources without limits or throttling vulnerability in the Elixir Mint HTTP client library allows malicious HTTP/2 servers to trigger memory exhaustion and application denial of service. The flaw exists because Mint fails to validate server-push concurrency limits during the receipt of PUSH_PROMISE frames, deferring validation to the HEADERS phase. This allows a server to reserve an unlimited number of streams in the client's memory map.