CVE-2026-47071— SOCKS5 TLS upgrade ignores caller timeout in hackney
Possible ATT&CK Techniques 1AI
T1496 · Resource HijackingGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-47071
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
SOCKS5 TLS upgrade ignores caller timeout in hackney
Source: NVD (National Vulnerability Database)
Vulnerability Description
Uncontrolled Resource Consumption vulnerability in benoitc hackney allows Flooding. The SOCKS5 transport in src/hackney_socks5.erl correctly applies the caller-supplied timeout to the SOCKS5 negotiation phase, but then upgrades the connection to TLS using the two-argument form ssl:connect/2, which defaults to an infinite timeout. The Timeout value is in scope at the call site but is not forwarded. A hostile SOCKS5 proxy that completes the SOCKS5 handshake normally and then goes silent (or sends a partial TLS ServerHello and stalls) will cause the connecting process to block indefinitely, regardless of the connect_timeout or recv_timeout options supplied by the caller. This issue affects hackney: from 0.10.0 before 4.0.1.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Source: NVD (National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-47071
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-47071
请登录查看更多情报信息。
Patches & Fixes for CVE-2026-47071 (1)
Vendor Advisories for CVE-2026-47071 (3)
- EEF-CVE-2026-47071 - OSVrelated
Same Patch Batch · benoitc · 2026-05-25 · 10 CVEs total
| CVE-2026-47070 | HTTP/3 redirect handler leaks Authorization and Cookie headers to cross-origin redirect ta | |
| CVE-2026-47069 | CRLF injection in cookie domain/path options in hackney | |
| CVE-2026-47076 | SSRF allowlist bypass via percent-encoded host in hackney | |
| CVE-2026-47073 | Unbounded memory consumption in WebSocket client in hackney | |
| CVE-2026-47075 | CR/LF injection in query parameter in hackney | |
| CVE-2026-47072 | CRLF injection in WebSocket upgrade request in hackney | |
| CVE-2026-47077 | Unbounded body accumulation in HTTP/3 response loop in hackney | |
| CVE-2026-47067 | Atom table exhaustion via unrecognized URL schemes in hackney | |
| CVE-2026-47066 | Infinite loop in Alt-Svc header parser in hackney |
IV. Related Vulnerabilities
Same product: hackney
- CVE-2026-47067
Atom table exhaustion via unrecognized URL schemes in hackne - CVE-2026-47073
Unbounded memory consumption in WebSocket client in hackney - CVE-2026-47072
CRLF injection in WebSocket upgrade request in hackney - CVE-2026-47076
SSRF allowlist bypass via percent-encoded host in hackney - CVE-2026-47070
HTTP/3 redirect handler leaks Authorization and Cookie heade
Same vendor: benoitc
- CVE-2026-47067
Atom table exhaustion via unrecognized URL schemes in hackne - CVE-2026-47073
Unbounded memory consumption in WebSocket client in hackney - CVE-2026-47072
CRLF injection in WebSocket upgrade request in hackney - CVE-2026-47076
SSRF allowlist bypass via percent-encoded host in hackney - CVE-2026-47070
HTTP/3 redirect handler leaks Authorization and Cookie heade
Same weakness: CWE-400
- CVE-2026-47073
Unbounded memory consumption in WebSocket client in hackney - CVE-2026-47077
Unbounded body accumulation in HTTP/3 response loop in hackn - CVE-2026-5308
Missing request body size limits on Zoom plugin HTTP endpoin - CVE-2026-5755
Denial of service via crafted TIFF file upload - CVE-2026-9137
CSP Report Endpoint Log Flooding via Incorrect Size Limit
V. Comments for CVE-2026-47071
No comments yet