Vulnerability Summary: CVE-2026-42793 Vulnerability Overview Vulnerability Name: Atom table exhaustion via attacker-controlled GraphQL SDL names in absinthe Vulnerability ID: CVE-2026-42793 CVSS Score: 8.2 (High) Vulnerability Type: Uncontrolled Resource Consumption / Lack of Resource Throttling (CWE-770) Description: When parsing attacker-controlled GraphQL SDL documents in the library, the Erlang atom table can be exhausted. Multiple modules within (such as ) convert document names, field names, type names, and other elements into atoms (Erlang terms) during the parsing of GraphQL SDL. Since the Erlang atom table has a fixed upper limit (default 1,048,576), an attacker can permanently consume atom table space by submitting malicious documents containing a large number of unique names. This can cause the Erlang VM to crash with a error, resulting in a Denial of Service (DoS). Affected Components: versions 1.5.0 through 1.10.2. Affected Scope This vulnerability affects specific source files in the following modules: Affected Versions: Hex Package Version: 1.5.0 - < 1.10.2 Git Repository Version: d0eae77645 - < 0d4d2b938e Remediation Fixed Version: Upgrade to version 1.10.2 or higher. Git Fix Commit: References GitHub Security Advisory OSV Vulnerability Details