plug_cowboy

2.8.1

2.8.1 2.8.0 2.7.5 2.7.4 2.7.3 2.7.2 2.7.1 2.7.0 2.6.2 2.6.1 2.6.0 2.5.2 2.5.1 2.5.0 2.4.1 2.4.0 2.3.0 2.2.2 retired 2.2.1 retired 2.2.0 retired 2.1.3 2.1.2 2.1.1 2.1.0 2.0.2 2.0.1 2.0.0 1.0.0

A Plug adapter for Cowboy

HexDocs HexPreview

Current section

1 Advisory

Jump to

Readme 28 Versions 3 Dependencies 316 Dependants 1 Advisory Activity

EEF-CVE-2026-32688 CVE-2026-32688 GHSA-q8x4-x7mp-5vg2

Atom table exhaustion via HTTP/2 :scheme pseudo-header in plug_cowboy

April 27, 2026

CVSS

8.7 / 10.0 High

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Versions

>= 2.0.0 and < 2.8.1

References

https://cna.erlef.org/cves/CVE-2026-32688.html
https://github.com/elixir-plug/plug_cowboy
https://github.com/elixir-plug/plug_cowboy/commit/bfb34cb45eb354e56437f7023fb306de1bf9c19b
https://github.com/elixir-plug/plug_cowboy/security/advisories/GHSA-q8x4-x7mp-5vg2
https://hex.pm/packages/plug_cowboy
https://nvd.nist.gov/vuln/detail/CVE-2026-32688
https://osv.dev/vulnerability/EEF-CVE-2026-32688

Checksum

Dependency Config

mix.exs

rebar.config

Gleam

erlang.mk

Package Details

Downloads Last 30 days, all versions

this version

355 901

yesterday

31 082

last 7 days

178 593

all time

138 473 081

Last Updated

Apr 27, 2026

License

Apache-2.0

Build Tools

mix

Publisher

gazler

Owners

josevalim
gazler

Operator	Description	Example
name:	Match package name. Supports * wildcards and repo/package form	name:phx* or name:hexpm/phoenix
description:	Full-text search of package descriptions	description:auth
depends:	Packages depending on a given package. Supports repo:package form	depends:ecto or depends:hexpm:ecto
build_tool:	Filter by build tool	build_tool:mix
updated_after:	Packages updated after an ISO8601 datetime	updated_after:2025-01-01T00:00:00Z
extra:	Match custom metadata (key,value). Nested keys are separated by commas	extra:license,MIT

plug_cowboy

Checksum

Dependency Config

Package Details

Links

Owners

Search filters