PT-2026-28543 · Unknown · Elixir-Nodejs
Published: 2026-03-26 · Updated: 2026-03-28
CVE-2026-33872
CVSS v4.0: 7.1 (High)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
elixir-nodejs versions prior to 3.1.4
Description
elixir-nodejs is an Elixir API for calling Node.js functions. A race condition in the worker protocol leads to cross-user data leakage (information disclosure). Because requests and responses are not correlated, a "stale response" can occur: the worker may return data intended for a different user. In high-throughput scenarios that process sensitive data such as PII or authentication tokens, timeouts or high concurrency can cause a user to receive data belonging to another user. The disclosure triggers no errors, so incorrect data can be delivered to the wrong session unnoticed.
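The stale-response condition described above, shown as an added example in a simplified model of a shared worker pipe. This is not elixir-nodejs code or its 3.1.4 patch; `WorkerPipe`, `readAny`, `readMatching`, `scenario` and the sample values are constructed for illustration, and request ids are assumed as the general form of request-response correlation.

```javascript
// Constructed model of one worker pipe: requests go in, responses come out in order.
class WorkerPipe {
  constructor() { this.inbox = []; this.outbox = []; }
  write(req) { this.inbox.push(req); }
  // The worker finishes its oldest job and writes the response, echoing any request id.
  finishOne() {
    const req = this.inbox.shift();
    if (req) this.outbox.push({ id: req.id, body: `token-for-${req.user}` });
  }
}

// Uncorrelated read: the caller accepts whichever response is next on the pipe.
function readAny(pipe) {
  return pipe.outbox.shift() || null;
}

// Correlated read: discard responses whose id does not match the request in flight.
function readMatching(pipe, id) {
  let res;
  while ((res = pipe.outbox.shift()) !== undefined) {
    if (res.id === id) return res;
  }
  return null;
}

// Scenario: alice's call times out before the worker answers, then bob calls.
function scenario(correlate) {
  const pipe = new WorkerPipe();
  let nextId = 0;
  const request = (user) => {
    const req = { user, id: correlate ? ++nextId : undefined };
    pipe.write(req);
    return req;
  };
  request('alice');   // caller gives up here (timeout) and reads nothing
  pipe.finishOne();   // worker answers late: a stale response now sits on the pipe
  const bob = request('bob');
  pipe.finishOne();   // worker answers bob; the pipe holds [alice's, bob's]
  const res = correlate ? readMatching(pipe, bob.id) : readAny(pipe);
  return res.body;
}

console.log('uncorrelated read, bob receives:', scenario(false));
console.log('correlated read, bob receives:  ', scenario(true));
```

In the uncorrelated run the call succeeds without any error, which is why this class of leak does not show up in error logs.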
Recommendations
Update to version 3.1.4 or later.
Exploit
Fix
Race Condition
Weakness Enumeration
Related Identifiers
Affected Products
Elixir-Nodejs