plug_cowboy

2.9.0

2.9.0 2.8.1 2.8.0 2.7.5 2.7.4 2.7.3 2.7.2 2.7.1 2.7.0 2.6.2 2.6.1 2.6.0 2.5.2 2.5.1 2.5.0 2.4.1 2.4.0 2.3.0 2.2.2 retired 2.2.1 retired 2.2.0 retired 2.1.3 2.1.2 2.1.1 2.1.0 2.0.2 2.0.1 2.0.0 1.0.0

A Plug adapter for Cowboy

HexDocs HexPreview

Current section

1 Advisory

Jump to

Readme 29 Versions 3 Dependencies 318 Dependants 1 Advisory Activity

EEF-CVE-2026-32688 CVE-2026-32688 GHSA-q8x4-x7mp-5vg2

Atom table exhaustion via HTTP/2 :scheme pseudo-header in plug_cowboy

April 27, 2026

CVSS

8.7 / 10.0 High

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Versions

>= 2.0.0 and < 2.8.1

References

https://cna.erlef.org/cves/CVE-2026-32688.html
https://github.com/elixir-plug/plug_cowboy
https://github.com/elixir-plug/plug_cowboy/commit/bfb34cb45eb354e56437f7023fb306de1bf9c19b
https://github.com/elixir-plug/plug_cowboy/security/advisories/GHSA-q8x4-x7mp-5vg2
https://hex.pm/packages/plug_cowboy
https://nvd.nist.gov/vuln/detail/CVE-2026-32688
https://osv.dev/vulnerability/EEF-CVE-2026-32688

Checksum

Dependency Config

mix.exs

rebar.config

Gleam

erlang.mk

Package Details

Downloads Last 30 days, all versions

this version

4 708

yesterday

27 432

last 7 days

180 263

all time

139 210 112

Last Updated

Jun 25, 2026

License

Apache-2.0

Build Tools

mix

Publisher

josevalim

Owners

josevalim
gazler

Operator	Description	Example
name:	Match package name. Supports * wildcards and repo/package form	name:phx* or name:hexpm/phoenix
description:	Full-text search of package descriptions	description:auth
depends:	Packages depending on a given package. Supports repo:package form	depends:ecto or depends:hexpm:ecto
build_tool:	Filter by build tool	build_tool:mix
updated_after:	Packages updated after an ISO8601 datetime	updated_after:2025-01-01T00:00:00Z
extra:	Match custom metadata (key,value). Nested keys are separated by commas	extra:license,MIT

plug_cowboy

Checksum

Dependency Config

Package Details

Links

Owners

Search filters