Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1110 CNY

100%
Buy Us a Coffee

CVE-2026-47077— Unbounded body accumulation in HTTP/3 response loop in hackney

AI Predicted 7.5 Difficulty: Easy EPSS 0.04% · P13

Possible ATT&CK Techniques 1AI

T1496 · Resource Hijacking

Affected Version Matrix 2

VendorProductVersion RangeStatus
benoitchackney2.0.0< 4.0.1affected
0334af206d5099fdf510ed9eda18e34396f065ad< 3d25f9fea26c90609de9d64366fedfe5065413bcaffected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-47077

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Unbounded body accumulation in HTTP/3 response loop in hackney
Source: NVD (National Vulnerability Database)
Vulnerability Description
Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. hackney_h3:await_response_loop/6 accumulates the HTTP/3 response body in memory without any size cap. The after Timeout clause is a per-message inactivity timer that resets on every received chunk, housekeeping message, or settings frame — it is not a wall-clock deadline. A malicious HTTP/3 server that emits one small chunk every Timeout - 1 ms with Fin = false and never sends a final frame keeps the loop alive indefinitely while the accumulation buffer grows linearly without bound, eventually exhausting the BEAM process heap and causing an out-of-memory condition. This issue affects hackney: from 2.0.0 before 4.0.1.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Source: NVD (National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
benoitchackney 2.0.0 ~ 4.0.1 cpe:2.3:a:benoitc:hackney:*:*:*:*:*:*:*:*
benoitchackney 0334af206d5099fdf510ed9eda18e34396f065ad ~ 3d25f9fea26c90609de9d64366fedfe5065413bc cpe:2.3:a:benoitc:hackney:*:*:*:*:*:*:*:*

II. Public POCs for CVE-2026-47077

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-47077

登录查看更多情报信息。

Patches & Fixes for CVE-2026-47077 (1)

Vendor Advisories for CVE-2026-47077 (3)

Same Patch Batch · benoitc · 2026-05-25 · 10 CVEs total

CVE-2026-47070HTTP/3 redirect handler leaks Authorization and Cookie headers to cross-origin redirect ta
CVE-2026-47069CRLF injection in cookie domain/path options in hackney
CVE-2026-47076SSRF allowlist bypass via percent-encoded host in hackney
CVE-2026-47073Unbounded memory consumption in WebSocket client in hackney
CVE-2026-47075CR/LF injection in query parameter in hackney
CVE-2026-47072CRLF injection in WebSocket upgrade request in hackney
CVE-2026-47067Atom table exhaustion via unrecognized URL schemes in hackney
CVE-2026-47071SOCKS5 TLS upgrade ignores caller timeout in hackney
CVE-2026-47066Infinite loop in Alt-Svc header parser in hackney

IV. Related Vulnerabilities

Same product: hackney
Same vendor: benoitc
Same weakness: CWE-400

V. Comments for CVE-2026-47077

No comments yet

Leave a comment