Packages

plug_cowboy

v2.8.1

A Plug adapter for Cowboy

HexDocs HexPreview

Current section

2 Advisories

Jump to

Readme 28 Versions 3 Dependencies 348 Dependants Activity 2 Advisories

GHSA-q8x4-x7mp-5vg2 CVE-2026-32688 EEF-CVE-2026-32688

Plug.Cowboy vulnerable to unauthenticated remote DoS via HTTP/2 `:scheme` atom-table exhaustion

May 05, 2026

CVSS

8.7 / 10.0 High

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Versions

>= 2.0.0 and < 2.8.1

References

https://github.com/elixir-plug/plug_cowboy/security/advisories/GHSA-q8x4-x7mp-5vg2
https://nvd.nist.gov/vuln/detail/CVE-2026-32688
https://github.com/elixir-plug/plug_cowboy/commit/bfb34cb45eb354e56437f7023fb306de1bf9c19b
https://cna.erlef.org/cves/CVE-2026-32688.html
https://github.com/elixir-plug/plug_cowboy
https://osv.dev/vulnerability/EEF-CVE-2026-32688

EEF-CVE-2026-32688 CVE-2026-32688 GHSA-q8x4-x7mp-5vg2

Atom table exhaustion via HTTP/2 :scheme pseudo-header in plug_cowboy

April 27, 2026

CVSS

8.7 / 10.0 High

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Versions

>= 2.0.0 and < 2.8.1

References

https://github.com/elixir-plug/plug_cowboy/security/advisories/GHSA-q8x4-x7mp-5vg2
https://cna.erlef.org/cves/CVE-2026-32688.html
https://github.com/elixir-plug/plug_cowboy/commit/bfb34cb45eb354e56437f7023fb306de1bf9c19b
https://hex.pm/packages/plug_cowboy

Checksum

Dependency Config

mix.exs

rebar.config

Gleam

erlang.mk

Package Details

Downloads Last 30 days, all versions

this version

67 490

yesterday

37 366

last 7 days

186 382

all time

137 872 024

Last Updated

Apr 27, 2026

License

Apache-2.0

Build Tools

mix

Publisher

gazler

Owners

josevalim
gazler

plug_cowboy

Checksum

Dependency Config

Package Details

Links

Owners