CVE

CVE-2026-42786

0field notes · 1digest CVSS 8.7

Daily digests

An attacker can crash your Bandit-based Elixir/Erlang web server by sending crafted WebSocket continuation frames that pile up in memory without limit. No authentication needed. The server just keeps buffering until it runs out of RAM and dies.

Daily Digest · May 7, 2026
Gotenberg SSRF at CVSS 9.4, Apache RCE close behind

CVE-2026-42786

Gotenberg SSRF at CVSS 9.4, Apache RCE close behind