
CVE-2026-47068: Cross-session PubSub topic injection via URL parameter in phoenix_storybook

AI-predicted score: 9.8 · Difficulty: Easy · EPSS: 0.04% · P13

Affected Version Matrix (2)

Vendor        | Product           | Version Range                                                                                   | Status
phenixdigital | phoenix_storybook | 0.4.0 to < 1.1.0                                                                                | affected
phenixdigital | phoenix_storybook | 8c2c97b0f505780fee4069988bf86736f51d35d7 (commit) to < 6ee03f1c738d4436dde1b066cf65c80663d489f5 | affected

I. Basic Information for CVE-2026-47068

Vulnerability Information


Vulnerability Title
Cross-session PubSub topic injection via URL parameter in phoenix_storybook
Source: NVD (National Vulnerability Database)
Vulnerability Description
Authorization Bypass Through User-Controlled Key vulnerability in phenixdigital phoenix_storybook allows cross-session PubSub topic injection via a URL query parameter. 'Elixir.PhoenixStorybook.Story.ComponentIframeLive':handle_params/3 in lib/phoenix_storybook/live/story/component_iframe_live.ex reads a PubSub topic directly from params["topic"] and broadcasts {:component_iframe_pid, self()} on it with no check that the topic belongs to the requesting session. The shared PhoenixStorybook.PubSub is used to coordinate playground LiveViews with their iframes: a playground subscribes to a session-specific topic and uses the received iframe pid to direct subsequent control messages (variation state, theme switches, extra-assign payloads) via send/2. Because the iframe trusts the query parameter, an attacker who loads /storybook/iframe/<story>?topic=<victim_topic> causes their iframe process pid to be announced on the victim's topic. The victim's playground then addresses its private messages to the attacker's iframe process. This issue affects phoenix_storybook from 0.4.0 before 1.1.0.
Source: NVD (National Vulnerability Database)
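The description above pins the flaw to one callback: handle_params/3 takes the PubSub topic from params["topic"] and broadcasts the iframe pid on it without checking ownership. The following is an added example, not phoenix_storybook's own code, that places that shape next to a hardened form in which the topic is derived from a server-controlled LiveView session value and the URL parameter is only accepted when it matches. The module name, the "storybook_session_id" session key, the "playground:" topic prefix and the logging are assumptions; handle_params/3, PhoenixStorybook.PubSub, params["topic"] and the {:component_iframe_pid, self()} message come from the advisory text.

```elixir
# Added example for CVE-2026-47068, not phoenix_storybook's own code.
# Assumed names: Example.ComponentIframeLive, the "storybook_session_id" session key,
# the "playground:" topic prefix. Taken from the advisory: handle_params/3,
# PhoenixStorybook.PubSub, params["topic"], {:component_iframe_pid, self()}.
defmodule Example.ComponentIframeLive do
  use Phoenix.LiveView
  require Logger
  alias Phoenix.PubSub

  @pubsub PhoenixStorybook.PubSub

  def render(assigns) do
    ~H"""
    <div id="iframe-root"></div>
    """
  end

  # Vulnerable shape as the advisory describes it, kept only for contrast and
  # deliberately not wired up as the callback: the topic is whatever the URL says,
  # so the iframe pid gets announced on any topic a request names.
  def vulnerable_handle_params(params, _uri, socket) do
    topic = params["topic"]
    PubSub.broadcast(@pubsub, topic, {:component_iframe_pid, self()})
    {:noreply, socket}
  end

  # Hardened shape. The LiveView session map is signed by the server, so a value a
  # plug or on_mount hook puts there cannot be chosen through the query string.
  # The topic this iframe is allowed to announce on is derived from it once, at mount.
  def mount(_params, session, socket) do
    topic =
      case session do
        %{"storybook_session_id" => sid} when is_binary(sid) -> "playground:" <> sid
        _ -> nil
      end

    {:ok, assign(socket, :topic, topic)}
  end

  # The URL parameter is now only a hint that must equal the session-bound topic.
  # Binding the same variable twice in the pattern enforces equality; a mismatch
  # or a missing session is logged and nothing is broadcast.
  def handle_params(params, _uri, socket) do
    case {socket.assigns.topic, params["topic"]} do
      {trusted, trusted} when is_binary(trusted) ->
        PubSub.broadcast(@pubsub, trusted, {:component_iframe_pid, self()})

      {trusted, requested} ->
        Logger.warning(
          "dropping iframe pid announcement: requested topic #{inspect(requested)} " <>
            "does not match session topic #{inspect(trusted)}"
        )
    end

    {:noreply, socket}
  end
end
```

In this arrangement the playground LiveView builds the iframe URL with the same session-derived topic and subscribes only to that topic, so both sides agree on a value the browser cannot rewrite. The warning log line also gives a detection hook: a request whose topic does not match its own session is exactly the cross-session pattern the advisory describes.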
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
Authorization Bypass Through User-Controlled Key
Source: NVD (National Vulnerability Database)
Vulnerability Title
PhoenixStorybook security vulnerability
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
PhoenixStorybook is an open-source UI tool from Phenix Digital for showcasing components and debugging them interactively. PhoenixStorybook versions from 0.4.0 before 1.1.0 contain a security vulnerability that stems from authorization bypass through a user-controlled key: an attacker can inject a cross-session PubSub topic via a URL query parameter.
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor        | Product           | Affected Versions                                                                    | CPE
phenixdigital | phoenix_storybook | 0.4.0 ~ 1.1.0                                                                        | cpe:2.3:a:phenixdigital:phoenix_storybook:*:*:*:*:*:*:*:*
phenixdigital | phoenix_storybook | 8c2c97b0f505780fee4069988bf86736f51d35d7 ~ 6ee03f1c738d4436dde1b066cf65c80663d489f5 | cpe:2.3:a:phenixdigital:phoenix_storybook:*:*:*:*:*:*:*:*

II. Public POCs for CVE-2026-47068


No public POC found.


III. Intelligence Information for CVE-2026-47068


Patches & Fixes for CVE-2026-47068 (1)

Vendor Advisories for CVE-2026-47068 (3)

Same Patch Batch · phenixdigital · 2026-05-20 · 3 CVEs total

CVE-2026-8469: Unauthenticated denial-of-service via BEAM atom table exhaustion in phoenix_storybook
CVE-2026-8467: Unauthenticated remote code execution via HEEx template injection in phoenix_storybook pla

IV. Related Vulnerabilities
