CVE-2026-8466 (GCVE-0-2026-8466)
Vulnerability from cvelistv5 – Published: 2026-05-13 18:26 – Updated: 2026-05-14 04:30
VLAI
Title
Unbounded buffer accumulation in multipart header parsing causes denial of service in cowboy
Summary
Allocation of Resources Without Limits or Throttling vulnerability in ninenines cowboy allows denial of service via unbounded buffer accumulation in multipart header parsing.
cowboy_req:read_part/3 in src/cowboy_req.erl accumulates incoming request bytes into a Buffer binary with no upper-bound check. When cow_multipart:parse_headers/2 returns more or {more, Buffer2}, the function reads up to Length bytes (default 64 KB) from the request body and recurses with the enlarged buffer. There is no equivalent of the byte_size(Acc) > Length guard present in the sibling function read_part_body/4. An unauthenticated attacker can send a multipart/form-data request whose body never yields a complete header section — for example, a body that never contains the advertised boundary delimiter, or one whose header lines never contain \r\n\r\n — and force the server process to accumulate memory linearly with the bytes the protocol layer is willing to deliver. A handful of concurrent such uploads is sufficient to exhaust BEAM memory.
This issue affects cowboy from 2.0.0 before 2.15.0.
Severity
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://cna.erlef.org/cves/CVE-2026-8466.html | relatedthird-party-advisory |
| https://osv.dev/vulnerability/EEF-CVE-2026-8466 | related |
| https://github.com/ninenines/cowboy/commit/5c6a20… | patch |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-8466",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-13T18:46:37.406887Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T18:52:29.452Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.hex.pm",
"cpes": [
"cpe:2.3:a:ninenines:cowboy:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"modules": [
"cowboy_req"
],
"packageName": "cowboy",
"packageURL": "pkg:hex/cowboy",
"product": "cowboy",
"programFiles": [
"src/cowboy_req.erl"
],
"programRoutines": [
{
"name": "cowboy_req:read_part/1"
},
{
"name": "cowboy_req:read_part/2"
},
{
"name": "cowboy_req:read_part/3"
}
],
"repo": "https://github.com/ninenines/cowboy",
"vendor": "ninenines",
"versions": [
{
"lessThan": "2.15.0",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://github.com",
"cpes": [
"cpe:2.3:a:ninenines:cowboy:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"modules": [
"cowboy_req"
],
"packageName": "ninenines/cowboy",
"packageURL": "pkg:github/ninenines/cowboy",
"product": "cowboy",
"programFiles": [
"src/cowboy_req.erl"
],
"programRoutines": [
{
"name": "cowboy_req:read_part/1"
},
{
"name": "cowboy_req:read_part/2"
},
{
"name": "cowboy_req:read_part/3"
}
],
"repo": "https://github.com/ninenines/cowboy",
"vendor": "ninenines",
"versions": [
{
"lessThan": "5c6a2061b41bb5771c4659fac7d5a822dca5bafb",
"status": "affected",
"version": "917cf99e10c41676183d501b86af6e47c95afb89",
"versionType": "git"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe application must expose an HTTP endpoint that calls \u003ctt\u003ecowboy_req:read_part/1,2\u003c/tt\u003e to process \u003ctt\u003emultipart/form-data\u003c/tt\u003e request bodies. Deployments that do not handle multipart uploads are not affected.\u003c/p\u003e"
}
],
"value": "The application must expose an HTTP endpoint that calls cowboy_req:read_part/1,2 to process multipart/form-data request bodies. Deployments that do not handle multipart uploads are not affected."
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ninenines:cowboy:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.15.0",
"versionStartIncluding": "2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Peter Ullrich"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Lo\u00efc Hoguin"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAllocation of Resources Without Limits or Throttling vulnerability in ninenines cowboy allows denial of service via unbounded buffer accumulation in multipart header parsing.\u003c/p\u003e\u003cp\u003e\u003ctt\u003ecowboy_req:read_part/3\u003c/tt\u003e in \u003ctt\u003esrc/cowboy_req.erl\u003c/tt\u003e accumulates incoming request bytes into a \u003ctt\u003eBuffer\u003c/tt\u003e binary with no upper-bound check. When \u003ctt\u003ecow_multipart:parse_headers/2\u003c/tt\u003e returns \u003ctt\u003emore\u003c/tt\u003e or \u003ctt\u003e{more, Buffer2}\u003c/tt\u003e, the function reads up to \u003ctt\u003eLength\u003c/tt\u003e bytes (default 64 KB) from the request body and recurses with the enlarged buffer. There is no equivalent of the \u003ctt\u003ebyte_size(Acc) \u0026gt; Length\u003c/tt\u003e guard present in the sibling function \u003ctt\u003eread_part_body/4\u003c/tt\u003e. An unauthenticated attacker can send a \u003ctt\u003emultipart/form-data\u003c/tt\u003e request whose body never yields a complete header section \u2014 for example, a body that never contains the advertised boundary delimiter, or one whose header lines never contain \u003ctt\u003e\\r\\n\\r\\n\u003c/tt\u003e \u2014 and force the server process to accumulate memory linearly with the bytes the protocol layer is willing to deliver. A handful of concurrent such uploads is sufficient to exhaust BEAM memory.\u003c/p\u003e\u003cp\u003eThis issue affects cowboy from 2.0.0 before 2.15.0.\u003c/p\u003e"
}
],
"value": "Allocation of Resources Without Limits or Throttling vulnerability in ninenines cowboy allows denial of service via unbounded buffer accumulation in multipart header parsing.\n\ncowboy_req:read_part/3 in src/cowboy_req.erl accumulates incoming request bytes into a Buffer binary with no upper-bound check. When cow_multipart:parse_headers/2 returns more or {more, Buffer2}, the function reads up to Length bytes (default 64 KB) from the request body and recurses with the enlarged buffer. There is no equivalent of the byte_size(Acc) \u003e Length guard present in the sibling function read_part_body/4. An unauthenticated attacker can send a multipart/form-data request whose body never yields a complete header section \u2014 for example, a body that never contains the advertised boundary delimiter, or one whose header lines never contain \\r\\n\\r\\n \u2014 and force the server process to accumulate memory linearly with the bytes the protocol layer is willing to deliver. A handful of concurrent such uploads is sufficient to exhaust BEAM memory.\n\nThis issue affects cowboy from 2.0.0 before 2.15.0."
}
],
"impacts": [
{
"capecId": "CAPEC-130",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-130 Excessive Allocation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T04:30:32.552Z",
"orgId": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db",
"shortName": "EEF"
},
"references": [
{
"tags": [
"related",
"third-party-advisory"
],
"url": "https://cna.erlef.org/cves/CVE-2026-8466.html"
},
{
"tags": [
"related"
],
"url": "https://osv.dev/vulnerability/EEF-CVE-2026-8466"
},
{
"tags": [
"patch"
],
"url": "https://github.com/ninenines/cowboy/commit/5c6a2061b41bb5771c4659fac7d5a822dca5bafb"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Unbounded buffer accumulation in multipart header parsing causes denial of service in cowboy",
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db",
"assignerShortName": "EEF",
"cveId": "CVE-2026-8466",
"datePublished": "2026-05-13T18:26:21.089Z",
"dateReserved": "2026-05-13T11:44:39.149Z",
"dateUpdated": "2026-05-14T04:30:32.552Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-8466",
"date": "2026-05-27",
"epss": "0.00023",
"percentile": "0.06775"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-8466\",\"sourceIdentifier\":\"6b3ad84c-e1a6-4bf7-a703-f496b71e49db\",\"published\":\"2026-05-13T19:17:30.540\",\"lastModified\":\"2026-05-14T17:07:07.030\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Allocation of Resources Without Limits or Throttling vulnerability in ninenines cowboy allows denial of service via unbounded buffer accumulation in multipart header parsing.\\n\\ncowboy_req:read_part/3 in src/cowboy_req.erl accumulates incoming request bytes into a Buffer binary with no upper-bound check. When cow_multipart:parse_headers/2 returns more or {more, Buffer2}, the function reads up to Length bytes (default 64 KB) from the request body and recurses with the enlarged buffer. There is no equivalent of the byte_size(Acc) \u003e Length guard present in the sibling function read_part_body/4. An unauthenticated attacker can send a multipart/form-data request whose body never yields a complete header section \u2014 for example, a body that never contains the advertised boundary delimiter, or one whose header lines never contain \\\\r\\\\n\\\\r\\\\n \u2014 and force the server process to accumulate memory linearly with the bytes the protocol layer is willing to deliver. A handful of concurrent such uploads is sufficient to exhaust BEAM memory.\\n\\nThis issue affects cowboy from 2.0.0 before 2.15.0.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"6b3ad84c-e1a6-4bf7-a703-f496b71e49db\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}]},\"weaknesses\":[{\"source\":\"6b3ad84c-e1a6-4bf7-a703-f496b71e49db\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"references\":[{\"url\":\"https://cna.erlef.org/cves/CVE-2026-8466.html\",\"source\":\"6b3ad84c-e1a6-4bf7-a703-f496b71e49db\"},{\"url\":\"https://github.com/ninenines/cowboy/commit/5c6a2061b41bb5771c4659fac7d5a822dca5bafb\",\"source\":\"6b3ad84c-e1a6-4bf7-a703-f496b71e49db\"},{\"url\":\"https://osv.dev/vulnerability/EEF-CVE-2026-8466\",\"source\":\"6b3ad84c-e1a6-4bf7-a703-f496b71e49db\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-8466\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-13T18:46:37.406887Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-05-13T18:52:18.933Z\"}}], \"cna\": {\"title\": \"Unbounded buffer accumulation in multipart header parsing causes denial of service in cowboy\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Peter Ullrich\"}, {\"lang\": \"en\", \"type\": \"remediation developer\", \"value\": \"Lo\\u00efc Hoguin\"}], \"impacts\": [{\"capecId\": \"CAPEC-130\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-130 Excessive Allocation\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 8.2, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:ninenines:cowboy:*:*:*:*:*:*:*:*\"], \"repo\": \"https://github.com/ninenines/cowboy\", \"vendor\": \"ninenines\", \"modules\": [\"cowboy_req\"], \"product\": \"cowboy\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.0.0\", \"lessThan\": \"2.15.0\", \"versionType\": \"semver\"}], \"packageURL\": \"pkg:hex/cowboy\", \"packageName\": \"cowboy\", \"programFiles\": [\"src/cowboy_req.erl\"], \"collectionURL\": \"https://repo.hex.pm\", \"defaultStatus\": \"unaffected\", \"programRoutines\": [{\"name\": \"cowboy_req:read_part/1\"}, {\"name\": \"cowboy_req:read_part/2\"}, {\"name\": \"cowboy_req:read_part/3\"}]}, {\"cpes\": [\"cpe:2.3:a:ninenines:cowboy:*:*:*:*:*:*:*:*\"], \"repo\": \"https://github.com/ninenines/cowboy\", \"vendor\": \"ninenines\", \"modules\": [\"cowboy_req\"], \"product\": \"cowboy\", \"versions\": [{\"status\": \"affected\", \"version\": \"917cf99e10c41676183d501b86af6e47c95afb89\", \"lessThan\": \"5c6a2061b41bb5771c4659fac7d5a822dca5bafb\", \"versionType\": \"git\"}], \"packageURL\": \"pkg:github/ninenines/cowboy\", \"packageName\": \"ninenines/cowboy\", \"programFiles\": [\"src/cowboy_req.erl\"], \"collectionURL\": \"https://github.com\", \"defaultStatus\": \"unaffected\", \"programRoutines\": [{\"name\": \"cowboy_req:read_part/1\"}, {\"name\": \"cowboy_req:read_part/2\"}, {\"name\": \"cowboy_req:read_part/3\"}]}], \"references\": [{\"url\": \"https://cna.erlef.org/cves/CVE-2026-8466.html\", \"tags\": [\"related\", \"third-party-advisory\"]}, {\"url\": \"https://osv.dev/vulnerability/EEF-CVE-2026-8466\", \"tags\": [\"related\"]}, {\"url\": \"https://github.com/ninenines/cowboy/commit/5c6a2061b41bb5771c4659fac7d5a822dca5bafb\", \"tags\": [\"patch\"]}], \"x_generator\": {\"engine\": \"cvelib 1.8.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Allocation of Resources Without Limits or Throttling vulnerability in ninenines cowboy allows denial of service via unbounded buffer accumulation in multipart header parsing.\\n\\ncowboy_req:read_part/3 in src/cowboy_req.erl accumulates incoming request bytes into a Buffer binary with no upper-bound check. When cow_multipart:parse_headers/2 returns more or {more, Buffer2}, the function reads up to Length bytes (default 64 KB) from the request body and recurses with the enlarged buffer. There is no equivalent of the byte_size(Acc) \u003e Length guard present in the sibling function read_part_body/4. An unauthenticated attacker can send a multipart/form-data request whose body never yields a complete header section \\u2014 for example, a body that never contains the advertised boundary delimiter, or one whose header lines never contain \\\\r\\\\n\\\\r\\\\n \\u2014 and force the server process to accumulate memory linearly with the bytes the protocol layer is willing to deliver. A handful of concurrent such uploads is sufficient to exhaust BEAM memory.\\n\\nThis issue affects cowboy from 2.0.0 before 2.15.0.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eAllocation of Resources Without Limits or Throttling vulnerability in ninenines cowboy allows denial of service via unbounded buffer accumulation in multipart header parsing.\u003c/p\u003e\u003cp\u003e\u003ctt\u003ecowboy_req:read_part/3\u003c/tt\u003e in \u003ctt\u003esrc/cowboy_req.erl\u003c/tt\u003e accumulates incoming request bytes into a \u003ctt\u003eBuffer\u003c/tt\u003e binary with no upper-bound check. When \u003ctt\u003ecow_multipart:parse_headers/2\u003c/tt\u003e returns \u003ctt\u003emore\u003c/tt\u003e or \u003ctt\u003e{more, Buffer2}\u003c/tt\u003e, the function reads up to \u003ctt\u003eLength\u003c/tt\u003e bytes (default 64 KB) from the request body and recurses with the enlarged buffer. There is no equivalent of the \u003ctt\u003ebyte_size(Acc) \u0026gt; Length\u003c/tt\u003e guard present in the sibling function \u003ctt\u003eread_part_body/4\u003c/tt\u003e. An unauthenticated attacker can send a \u003ctt\u003emultipart/form-data\u003c/tt\u003e request whose body never yields a complete header section \\u2014 for example, a body that never contains the advertised boundary delimiter, or one whose header lines never contain \u003ctt\u003e\\\\r\\\\n\\\\r\\\\n\u003c/tt\u003e \\u2014 and force the server process to accumulate memory linearly with the bytes the protocol layer is willing to deliver. A handful of concurrent such uploads is sufficient to exhaust BEAM memory.\u003c/p\u003e\u003cp\u003eThis issue affects cowboy from 2.0.0 before 2.15.0.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-770\", \"description\": \"CWE-770 Allocation of Resources Without Limits or Throttling\"}]}], \"configurations\": [{\"lang\": \"en\", \"value\": \"The application must expose an HTTP endpoint that calls cowboy_req:read_part/1,2 to process multipart/form-data request bodies. Deployments that do not handle multipart uploads are not affected.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eThe application must expose an HTTP endpoint that calls \u003ctt\u003ecowboy_req:read_part/1,2\u003c/tt\u003e to process \u003ctt\u003emultipart/form-data\u003c/tt\u003e request bodies. Deployments that do not handle multipart uploads are not affected.\u003c/p\u003e\", \"base64\": false}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:ninenines:cowboy:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"2.15.0\", \"versionStartIncluding\": \"2.0.0\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"6b3ad84c-e1a6-4bf7-a703-f496b71e49db\", \"shortName\": \"EEF\", \"dateUpdated\": \"2026-05-14T04:30:32.552Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-8466\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-14T04:30:32.552Z\", \"dateReserved\": \"2026-05-13T11:44:39.149Z\", \"assignerOrgId\": \"6b3ad84c-e1a6-4bf7-a703-f496b71e49db\", \"datePublished\": \"2026-05-13T18:26:21.089Z\", \"assignerShortName\": \"EEF\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…