Unauthenticated denial-of-service via BEAM atom table exhaustion in phoenix_storybook

Weakness Type (CWE)

CWE-770 — CWE-770 Allocation of Resources Without Limits or Throttling

CAPEC

CAPEC-130 — CAPEC-130 Excessive Allocation

CVSS 4.0 Score

8.2

HIGH

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Vulnerability description

Allocation of Resources Without Limits or Throttling vulnerability in phenixdigital phoenix_storybook allows unauthenticated denial-of-service via BEAM atom table exhaustion.

Multiple LiveView event handlers convert user-supplied event parameter strings to atoms using String.to_atom/1 without validation: 'Elixir.PhoenixStorybook.ExtraAssignsHelpers':handle_set_variation_assign/3 interns every key of the psb-assign params map; 'Elixir.PhoenixStorybook.ExtraAssignsHelpers':handle_toggle_variation_assign/3 interns the "attr" value from psb-toggle events; 'Elixir.PhoenixStorybook.ExtraAssignsHelpers':to_variation_id/2 interns elements of "variation_id"; and 'Elixir.PhoenixStorybook.ExtraAssignsHelpers':to_value/4 interns raw string values for attributes declared as :atom or :boolean. BEAM atoms are never garbage-collected, so each unique attacker-controlled string is a permanent allocation. Once the atom table ceiling (~1,048,576 atoms) is reached, the entire BEAM node aborts, taking down all applications running on it.

This issue affects phoenix_storybook from 0.2.0 before 1.1.0.

Affected

`pkg:hex/phoenix_storybook`

Module	Source File	Routine
`Elixir.PhoenixStorybook.ExtraAssignsHelpers`	`lib/phoenix_storybook/helpers/extra_assigns_helpers.ex`	`PhoenixStorybook.ExtraAssignsHelpers.handle_set_variation_assign/3`
`Elixir.PhoenixStorybook.Story.Playground`	`lib/phx_live_storybook/live/entry_live.ex`	`PhoenixStorybook.ExtraAssignsHelpers.handle_toggle_variation_assign/3`
		`PhoenixStorybook.ExtraAssignsHelpers.to_variation_id/2`
		`PhoenixStorybook.ExtraAssignsHelpers.to_value/4`

Status	Type	Version	Changes / Fixed in
affected	semver ^ⓘ	`0.2.0`	< `1.1.0`

`pkg:github/phenixdigital/phoenix_storybook`

Module	Source File	Routine
`Elixir.PhoenixStorybook.ExtraAssignsHelpers`	`lib/phoenix_storybook/helpers/extra_assigns_helpers.ex`	`PhoenixStorybook.ExtraAssignsHelpers.handle_set_variation_assign/3`
`Elixir.PhoenixStorybook.Story.Playground`	`lib/phx_live_storybook/live/entry_live.ex`	`PhoenixStorybook.ExtraAssignsHelpers.handle_toggle_variation_assign/3`
		`PhoenixStorybook.ExtraAssignsHelpers.to_variation_id/2`
		`PhoenixStorybook.ExtraAssignsHelpers.to_value/4`

Status	Type	Version	Changes / Fixed in
affected	git ^ⓘ	`0228669d55`	< `96d524690a`

Configurations

Phoenix Storybook must be mounted on a network-reachable route.

References

https://github.com/phenixdigital/phoenix_storybook/security/advisories/GHSA-833p-95jq-929q vendor-advisory related
https://osv.dev/vulnerability/EEF-CVE-2026-8469 related
https://github.com/phenixdigital/phoenix_storybook/commit/96d524690af0fe197a49f60d18e564a620b9ef81 patch

Credits

Finder: Peter Ullrich
Remediation developer: Christian Blavier
Analyst: Jonatan Männchen

CVE record as JSON: GET /cves/CVE-2026-8469.json
OSV record as JSON: GET /osv/EEF-CVE-2026-8469.json