CVE-2026-56810

Elixir-Mint · Mint

The Elixir-Mint Mint library is vulnerable to resource exhaustion due to a lack of limits or throttling on resource allocation during network operations.

Executive summary

A high-severity resource exhaustion vulnerability in the Elixir-Mint Mint library allows remote attackers to cause a denial-of-service via uncontrolled resource allocation.

Vulnerability

This vulnerability (CWE-770) occurs because the software fails to implement appropriate limits or throttling when allocating resources. An unauthenticated remote attacker can trigger this condition to consume excessive system resources, leading to a denial-of-service (DoS) state.

Business impact

The CVSS score of 8.7 reflects the high risk of service disruption. A successful attack will render the affected application unavailable, causing significant downtime and business interruption for any services relying on the Mint library for network communication. As the vulnerability is automatable, the risk of automated exploitation against exposed services is substantial.

Remediation

Immediate Action: Update the Mint library to version 1.9.1 or later to implement the necessary resource constraints.

Proactive Monitoring: Monitor system resource usage (CPU and memory) for sudden, unexplained spikes that could indicate an ongoing resource exhaustion attack.

Compensating Controls: Deploy rate limiting at the network boundary or application entry point to restrict the volume of incoming requests that could trigger resource-heavy operations.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the ease with which this vulnerability can be exploited to disrupt service, organizations should prioritize updating the Mint dependency. Ensuring the library is patched to 1.9.1 is critical to maintaining service availability and preventing resource exhaustion attacks.