Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1110 CNY

100%
Buy Us a Coffee

CVE-2026-47066— Infinite loop in Alt-Svc header parser in hackney

AI Predicted 7.5 Difficulty: Easy

Affected Version Matrix 2

VendorProductVersion RangeStatus
benoitchackney2.0.0-beta.1< 4.0.1affected
408e5fe20302226ea8c74dde2bcbd452d712b5b2< e548aba1f97ffa3f4750da7b772998fb78c01894affected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-47066

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Infinite loop in Alt-Svc header parser in hackney
Source: NVD (National Vulnerability Database)
Vulnerability Description
Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in benoitc hackney allows Excessive Allocation. The Alt-Svc response header parser in src/hackney_altsvc.erl does not guarantee forward progress. When parse_token/2 receives a non-token, non-whitespace, non-comma byte (e.g. !, @, =, ;), it returns the input unchanged. skip_comma/1 also returns the buffer unchanged when the first byte is not a comma. parse_entries/2 then recurses with identical data, creating a tight infinite tail-recursive loop that pins a scheduler at 100% CPU. The calling process never returns. The entry point parse_and_cache/3 is called synchronously in the connection process on every HTTP response. A single-byte Alt-Svc: ! response header is sufficient to trigger the hang; the header is fully controlled by any HTTP origin the client connects to. This issue affects hackney: from 2.0.0-beta.1 before 4.0.1.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
不可达退出条件的循环(无限循环)
Source: NVD (National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
benoitchackney 2.0.0-beta.1 ~ 4.0.1 cpe:2.3:a:benoitc:hackney:*:*:*:*:*:*:*:*
benoitchackney 408e5fe20302226ea8c74dde2bcbd452d712b5b2 ~ e548aba1f97ffa3f4750da7b772998fb78c01894 cpe:2.3:a:benoitc:hackney:*:*:*:*:*:*:*:*

II. Public POCs for CVE-2026-47066

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-47066

登录查看更多情报信息。

Patches & Fixes for CVE-2026-47066 (1)

Vendor Advisories for CVE-2026-47066 (3)

Same Patch Batch · benoitc · 2026-05-25 · 10 CVEs total

CVE-2026-47070HTTP/3 redirect handler leaks Authorization and Cookie headers to cross-origin redirect ta
CVE-2026-47069CRLF injection in cookie domain/path options in hackney
CVE-2026-47076SSRF allowlist bypass via percent-encoded host in hackney
CVE-2026-47073Unbounded memory consumption in WebSocket client in hackney
CVE-2026-47075CR/LF injection in query parameter in hackney
CVE-2026-47072CRLF injection in WebSocket upgrade request in hackney
CVE-2026-47077Unbounded body accumulation in HTTP/3 response loop in hackney
CVE-2026-47067Atom table exhaustion via unrecognized URL schemes in hackney
CVE-2026-47071SOCKS5 TLS upgrade ignores caller timeout in hackney

IV. Related Vulnerabilities

Same product: hackney
Same vendor: benoitc
Same weakness: CWE-835

V. Comments for CVE-2026-47066

No comments yet

Leave a comment