Jul 10, 2026·5 min read·4 visits
Unescaped carriage returns, line feeds, and double-quotes in elixir-tesla's multipart module allow multipart header injection and request smuggling.
An Improper Encoding or Escaping of Output vulnerability (CWE-116) in elixir-tesla allowed unauthenticated remote code execution or request smuggling via unescaped Content-Disposition parameters in multipart form-data requests.
The elixir-tesla library serves as a widely adopted HTTP client framework within the Elixir ecosystem, offering modular middleware and simple HTTP request building. One of its crucial components is the Tesla.Multipart module, which handles the serialization of multipart form-data. This format is commonly used to transfer binary file data and associated metadata to upstream web services.
When applications ingest file metadata from unauthenticated users and forward it downstream, they expose a highly sensitive interface. If the client library fails to escape structural characters, this dynamic user input can alter the overall structure of the HTTP multipart message body.
CVE-2026-48598 exposes an input-validation vulnerability classified as CWE-116 within this serialization pipeline. An attacker who controls metadata such as filenames can construct malicious inputs that break out of the header context. This flaw alters downstream boundary evaluations and allows subsequent header fields to be injected.
The underlying flaw resides within the private part_headers_for_disposition/1 function inside lib/tesla/multipart.ex. This function is responsible for iterating over a keyword list of disposition parameters and converting them into format-compliant headers. It serializes these parameters using simple string interpolation without performing escaping or sanitation.
Specifically, the function maps over key-value pairs using the pattern #{k}="#{v}". It joins the mapped values into a semicolon-delimited string and appends a single CRLF sequence to finalize the Content-Disposition line. If a parameter value contains a double-quote character, it prematurely terminates the quoted string boundary.
If the value contains carriage return or line feed characters, it ends the HTTP header line itself. The remaining injected payload is then interpreted as a distinct HTTP header or even a premature body boundary. This structural manipulation is illustrated in the diagram below.
To analyze the vulnerable implementation, observe how parameter values were directly concatenated without character verification in lib/tesla/multipart.ex prior to version 1.18.3:
def part_headers_for_disposition([]), do: []
def part_headers_for_disposition(kvs) do
ds =
kvs
# Vulnerable interpolation lacking escaping or validation
|> Enum.map(fn {k, v} -> "#{k}=\"#{v}\"" end)
|> Enum.join("; ")
["Content-Disposition: form-data; #{ds}\r\n"]
endThe initial remediation commit bb1a2c3da2775924d96e3db8e315dcc4d5d2246e mitigated this by introducing basic assertion helpers. These checks search for forbidden control characters and double-quotes within each evaluated disposition value:
# Introduced assertion to intercept structural characters
def part_headers_for_disposition(kvs) do
ds =
kvs
|> Enum.map(fn {k, v} ->
v_str = to_string(v)
:ok = assert_disposition_value!(k, v_str)
"#{k}=\"#{v_str}\""
end)
|> Enum.join("; ")
["content-disposition: form-data; #{ds}\r\n"]
endTo prevent sophisticated bypasses, the subsequent commit 23601edac5d22ba9407b427967b5bdbda201aec2 implemented strict RFC 7230 and RFC 7231 Whitelist validation using binary pattern matching. Rather than simply blocking known bad characters, this implementation validates every character against standard token definition rules.
An attack relies on the target application receiving file metadata from untrusted sources and passing it directly into Tesla.Multipart.add_file/3 or add_file_content/4. For instance, a web service that accepts user uploads and replicates them to a downstream object-store API acts as a potential forwarding proxy.
To exploit this vulnerability, the attacker registers a file upload using a crafted filename containing quotes and line-ending sequences. A typical payload contains a filename like file.txt"\r\nContent-Type: application/x-php\r\n\r\n<?php phpinfo(); ?>\r\n--boundary--. During serialization, the client library constructs the outbound HTTP body using this raw string.
When the downstream system processes the request, it encounters the injected line breaks. It evaluates the injected content-type and body data as separate entities, bypassing filename or extension validations. This allows attackers to perform multipart request smuggling or spoof upload metadata.
The CVSS Base Score is officially rated at 2.1, representing low overall severity due to the local attack vector requirement. Because the library executes inside the context of the calling application, exploitation requires the application itself to expose vulnerable pathways. It does not directly affect the confidentiality, integrity, or availability of the underlying server.
However, the subsequent system integrity rating is classified as low because this vulnerability alters the integrity of data sent to downstream processors. If downstream systems trust the integrity of incoming multipart metadata, they may execute arbitrary commands, allow directory traversal, or process forged requests.
According to the Exploit Prediction Scoring System, the probability of active exploitation in the wild is currently low. Developers must still address this vulnerability since it acts as a secondary exploitation channel inside microservice architectures.
The primary recommendation is to update the tesla dependency to version 1.18.3 or later. This version introduces RFC-compliant character checking that raises an ArgumentError when unescaped characters are detected.
If the dependency cannot be immediately updated, developers must implement strict server-side validation. Filenames and parameter inputs must be filtered to remove double-quotes, carriage returns, and line feeds before calling the client library.
Additionally, applications must wrap multipart creation inside structured try/rescue blocks. Because the patch throws runtime errors when bad input is detected, failing to catch these exceptions can expose the application to denial-of-service vulnerabilities through intentional application crashes.
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N| Product | Affected Versions | Fixed Version |
|---|---|---|
tesla elixir-tesla | >= 0.8.0, < 1.18.3 | 1.18.3 |
| Attribute | Detail |
|---|---|
| CWE ID | CWE-116 |
| Attack Vector | Local |
| CVSS v4.0 Score | 2.1 (Low) |
| EPSS Score | 0.00143 |
| Impact | Low Subsequent System Integrity |
| Exploit Status | Proof of Concept |
| KEV Status | Not Listed |
The software receives input from an upstream component but does not encode or escape the output before constructing a structured message.
CVE-2026-48597 is a high-severity Denial of Service (DoS) vulnerability in the Elixir HTTP client library Tesla (specifically involving the Mint adapter) that allows an unauthenticated remote attacker to cause an unrecoverable crash of the Erlang Virtual Machine (BEAM). The flaw arises from the dynamic conversion of untrusted URL schemes into Erlang atoms without validation, leading to global atom table exhaustion.
CVE-2026-49851 is a high-severity algorithmic complexity vulnerability in the Mistune Markdown parser. Under specific conditions involving dense, unmatched nesting of opening square brackets, the parser fallback loops degrade from linear execution time to a worst-case quadratic complexity. This allows unauthenticated remote attackers to trigger complete CPU exhaustion and subsequent Denial of Service with a highly compact payload.
An allocation of resources without limits or throttling vulnerability in the Elixir Mint HTTP client library allows malicious HTTP/2 servers to trigger memory exhaustion and application denial of service. The flaw exists because Mint fails to validate server-push concurrency limits during the receipt of PUSH_PROMISE frames, deferring validation to the HEADERS phase. This allows a server to reserve an unlimited number of streams in the client's memory map.
An unsafe execution vulnerability exists in the Bazar form field calculator (CalcField.php) of YesWiki prior to version 4.6.6. The application attempts to validate mathematical formulas using a complex recursive regular expression before passing them to the PHP eval() function. This design leads to both Regular Expression Denial of Service (ReDoS) and Remote Code Execution (RCE) via validation bypass.
An infinite loop vulnerability exists in the pure-Python PDF library pypdf prior to version 6.13.1. When parsing or merging a crafted PDF file containing a cyclic Article/Thread structure, the library fails to exit its traversal loop. This causes the executing thread to hang indefinitely, leading to 100% CPU utilization and a denial of service. The vulnerability is tracked under CVE-2026-54651 and GHSA-g9xf-7f8q-9mcj, with a CVSS base score of 5.5. This technical report provides a root cause analysis, code review, exploitation vectors, and mitigation paths.
The Netty-based HTTP Client in the Micronaut framework fails to enforce a maximum redirect ceiling by default when processing HTTP responses. This permits remote, attacker-controlled servers to trigger continuous, infinite redirect loops. The resulting recursion causes high CPU utilization, thread starvation, and potential memory exhaustion, inducing a Denial of Service (DoS) state in client-side applications.