CVE-2026-39804 | mtrudel bandit up to 1.10.x permessage_deflate.ex Elixir.Bandit.WebSocket.PerMessageDeflate allocation of resources (GHSA-frh3-6pv6-rc8j / EUVD-2026-26711)

A vulnerability was found in mtrudel bandit up to 1.10.x. It has been rated as problematic. This impacts the function Elixir.Bandit.WebSocket.PerMessageDeflate in the library lib/bandit/websocket/permessage_deflate.ex. This manipulation causes allocation of resources.

This vulnerability is tracked as CVE-2026-39804. The attack is possible to be carried out remotely. No exploit exists.

Upgrading the affected component is advised.VulDB Recent EntriesRead More