CVE-2026-48598 Overview
CVE-2026-48598 is an improper encoding or escaping of output vulnerability [CWE-116] in the elixir-tesla HTTP client library. The flaw allows multipart part header injection through unescaped Content-Disposition parameter values. The function Tesla.Multipart.part_headers_for_disposition/1 interpolates disposition parameters without validating carriage return (\r), line feed (\n), or double-quote characters. Attackers who control field names, filenames, or disposition options can break out of the quoted parameter context and inject arbitrary headers or body content. The issue affects tesla versions from 0.8.0 before 1.18.3.
Critical Impact
An attacker who controls multipart field names, filenames, or disposition options can inject forged headers such as Content-Type or prepend bytes into the part body of outbound HTTP requests.
Affected Products
- elixir-tesla tesla versions 0.8.0 through 1.18.2
- Elixir applications using Tesla.Multipart.add_field/4, add_file/3, or add_file_content/4 with untrusted input
- Downstream services consuming multipart requests built from attacker-influenced file paths
Discovery Timeline
- 2026-06-02 - CVE-2026-48598 published to NVD
- 2026-06-03 - Last updated in NVD database
Technical Details for CVE-2026-48598
Vulnerability Analysis
The vulnerability resides in Tesla.Multipart.part_headers_for_disposition/1, which builds Content-Disposition parameters using direct string interpolation of the form #{k}="#{v}". No sanitization removes CRLF sequences or double-quote characters from the value. Callers supply these values through Tesla.Multipart.add_field/4, Tesla.Multipart.add_file/3, and Tesla.Multipart.add_file_content/4. The name parameter, the filename parameter, and arbitrary disposition options all flow into the unsafe interpolation path verbatim.
A double-quote character in a parameter value closes the quoted parameter early and exposes additional disposition syntax to manipulation. A \r\n sequence terminates the Content-Disposition header line and starts a new header within the same part, enabling a forged Content-Type or other part-level header. A subsequent \r\n terminates the entire part header block and prepends attacker-controlled bytes to the part body.
Root Cause
The root cause is missing output encoding [CWE-116] on disposition parameter values. The library trusts caller input and emits it into a structured wire protocol without escaping the structural characters that delimit headers and quoted strings.
Attack Vector
Exploitation requires a calling application to forward attacker-controlled input into a multipart field name, filename, or disposition option. The add_file/3 default-filename path derives the filename via Path.basename/1, which preserves CR and LF characters. Any application that forwards a partially attacker-controlled file path inherits the injection primitive without explicitly opting in.
No verified exploit code is published. See the GitHub Security Advisory GHSA-28jh-g32x-v9v4 and the fix commit bb1a2c3d for technical details.
Detection Methods for CVE-2026-48598
Indicators of Compromise
- Outbound multipart requests containing raw \r\n byte sequences inside Content-Disposition parameter values.
- Multipart parts where a single Content-Disposition declaration is followed by an unexpected second header such as a duplicate Content-Type.
- Filenames or field names in logs containing embedded double-quote characters or control characters.
Detection Strategies
- Audit application code for calls to Tesla.Multipart.add_field/4, add_file/3, and add_file_content/4 where the name, filename, or disposition option arguments originate from user input.
- Capture and inspect HTTP egress at a proxy and flag multipart bodies whose part headers contain 0x0D 0x0A inside quoted parameter values.
- Review dependency manifests (mix.exs, mix.lock) for tesla versions earlier than 1.18.3.
Monitoring Recommendations
- Log and alert on Elixir application deployments still pinned to vulnerable tesla releases.
- Add static analysis rules that flag direct interpolation of request-derived values into multipart helpers.
- Monitor receiving services for parse errors or anomalous part headers indicative of injection attempts.
How to Mitigate CVE-2026-48598
Immediate Actions Required
- Upgrade tesla to version 1.18.3 or later in all Elixir projects.
- Identify code paths that pass user-controlled strings to multipart helpers and add input validation rejecting \r, \n, and " characters.
- Sanitize filenames derived from external paths before passing them to Tesla.Multipart.add_file/3.
Patch Information
The fix is included in tesla1.18.3. The remediation commit is bb1a2c3d. Additional details are available in the CNA advisory for CVE-2026-48598 and the OSV record EEF-CVE-2026-48598.
Workarounds
- Reject or strip CR, LF, and double-quote characters from any value passed as a multipart field name, filename, or disposition option.
- Replace default-filename behavior with an explicit filename option containing a vetted, sanitized string.
- Constrain user-influenced filenames to an allow-list of safe characters such as [A-Za-z0-9._-] before invoking multipart helpers.
# Configuration example
# Pin a fixed tesla version in mix.exs
# {:tesla, "~> 1.18.3"}
mix deps.update tesla
mix deps.get
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
