Around one tenth of CVEs published by the EEF CNA are caused by atom exhaustion, a denial-of-service vulnerability that is well understood, often preventable, and still showing up in production Erlang and Elixir applications.
Correction (2026-05-29): An earlier version of this post stated that
approximately one third of EEF CNA CVEs are caused by atom exhaustion. The
correct figure is approximately one tenth. The text has been updated.
