EEF-CVE-2026-47068

Source
https://cna.erlef.org/osv/EEF-CVE-2026-47068.html
Import Source
https://cna.erlef.org/osv/EEF-CVE-2026-47068.json
JSON Data
https://api.osv.dev/v1/vulns/EEF-CVE-2026-47068
Aliases
  • CVE-2026-47068
  • GHSA-mrhx-6pw9-q5fh
Published
2026-05-20T13:35:33.215Z
Modified
2026-05-20T13:56:23.111680394Z
Severity
  • 2.3 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Summary
Cross-session PubSub topic injection via URL parameter in phoenix_storybook
Details

Summary

Authorization Bypass Through User-Controlled Key vulnerability in phenixdigital phoenix_storybook allows cross-session PubSub topic injection via a URL query parameter.

'Elixir.PhoenixStorybook.Story.ComponentIframeLive':handle_params/3 in lib/phoenix_storybook/live/story/component_iframe_live.ex reads a PubSub topic directly from params["topic"] and broadcasts {:component_iframe_pid, self()} on it with no check that the topic belongs to the requesting session. The shared PhoenixStorybook.PubSub is used to coordinate playground LiveViews with their iframes: a playground subscribes to a session-specific topic and uses the received iframe pid to direct subsequent control messages (variation state, theme switches, extra-assign payloads) via send/2. Because the iframe trusts the query parameter, an attacker who loads /storybook/iframe/<story>?topic=<victim_topic> causes their iframe process pid to be announced on the victim's topic. The victim's playground then addresses its private messages to the attacker's iframe process.

This issue affects phoenix_storybook from 0.4.0 before 1.1.0.
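The following Phoenix LiveView module is an added illustration of the weakness class described above; it is not phoenix_storybook's code and does not reproduce the project's actual fix. It places the unsafe shape (topic taken verbatim from the query string) next to one hardened shape in which the topic is derived from a value held in the server-side session and the client-supplied parameter is only accepted when it matches. The module name, the PubSub name (Example.PubSub), the session key ("session_id") and the message tag (:iframe_pid) are assumptions.

```elixir
defmodule Example.IframeLive do
  # Added illustration, not phoenix_storybook's code. Module, PubSub, session
  # key and message names are assumed; the hardened form shows one way to bind
  # the PubSub topic to the server-side session so that a URL parameter cannot
  # select another session's topic.
  use Phoenix.LiveView

  @pubsub Example.PubSub

  # Unsafe shape (the pattern the advisory describes): the topic comes straight
  # from the query string, so any client can have its own pid announced on any
  # topic, including one that belongs to a different session.
  def handle_params_unsafe(%{"topic" => topic}, _uri, socket) do
    Phoenix.PubSub.broadcast(@pubsub, topic, {:iframe_pid, self()})
    {:noreply, socket}
  end

  # Hardened shape, step 1: derive the only acceptable topic from a value that
  # lives in the server-side session ("session_id" is an assumed session key).
  # The browser cannot change this value by editing the URL.
  def mount(_params, %{"session_id" => session_id}, socket) do
    {:ok, assign(socket, expected_topic: "playground:" <> session_id)}
  end

  # Hardened shape, step 2: the client-supplied topic is treated as a hint and
  # must equal the session-bound topic; any other value is refused and nothing
  # is broadcast. secure_compare avoids leaking the expected value via timing.
  def handle_params(%{"topic" => topic}, _uri, socket) do
    expected = socket.assigns.expected_topic

    if Plug.Crypto.secure_compare(topic, expected) do
      Phoenix.PubSub.broadcast(@pubsub, expected, {:iframe_pid, self()})
      {:noreply, socket}
    else
      {:noreply, put_flash(socket, :error, "invalid playground topic")}
    end
  end

  # No topic supplied: mount without announcing anything.
  def handle_params(_params, _uri, socket), do: {:noreply, socket}

  def render(assigns), do: ~H"<div>iframe</div>"
end
```

The check in handle_params/3 is the piece the advisory reports as missing: whatever the URL says, the broadcast only ever goes to the topic the server already associates with the caller's own session. A stricter variant drops the query parameter entirely and broadcasts on socket.assigns.expected_topic unconditionally, which leaves nothing for a client to tamper with.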

Database specific
{
    "cwe_ids": [
        "CWE-639"
    ],
    "capec_ids": [
        "CAPEC-12"
    ],
    "cpe_ids": [
        "cpe:2.3:a:phenixdigital:phoenix_storybook:*:*:*:*:*:*:*:*"
    ]
}
References
Credits
    • Peter Ullrich - FINDER
    • Christian Blavier - REMEDIATION_DEVELOPER
    • Jonatan Männchen - ANALYST

Affected packages

Hex / phoenix_storybook

Package

Name
phoenix_storybook
Purl
pkg:hex/phoenix_storybook

Affected ranges

Type
SEMVER
Events
Introduced
0.4.0
Fixed
1.1.0

Affected versions

0.*
0.5.0
0.5.1
0.5.2
0.5.3
0.5.4
0.5.5
0.5.6
0.5.7
0.6.0
0.6.1
0.6.2
0.6.3
0.6.4
0.7.0
0.7.1
0.7.2
0.8.0
0.8.1
0.8.2
0.8.3
0.9.0
0.9.1
0.9.2
0.9.3
1.*
1.0.0

Database specific

source
"https://cna.erlef.org/osv/EEF-CVE-2026-47068.json"

Git / github.com/phenixdigital/phoenix_storybook

Affected ranges

Type
GIT
Repo
https://github.com/phenixdigital/phoenix_storybook
Events

Affected versions

v0.*
v0.4.0
v0.4.1
v0.4.2
v0.4.3
v0.4.4
v0.4.5
v0.5.0
v0.5.1
v0.5.2
v0.5.3
v0.5.4
v0.5.5
v0.5.6
v0.5.7
v0.6.0
v0.6.1
v0.6.2
v0.6.3
v0.6.4
v0.7.0
v0.7.1
v0.7.2
v0.8.1
v0.8.3
v0.9.0
v0.9.1
v0.9.2
v0.9.3
v1.*
v1.0.0

Database specific

source
"https://cna.erlef.org/osv/EEF-CVE-2026-47068.json"