Decimal and Postgrex Elixir Libraries Address Security Vulnerabilities Under CVE-2026-32686 and CVE-2026-32687

A GitHub Issues entry flags security patches for two foundational Elixir libraries: Decimal and Postgrex. The issues page references CVE-2026-32686 affecting the Decimal library, alongside CVE-2026-32687 tied to Postgrex. Both are critical dependencies within the Elixir ecosystem—Decimal handles arbitrary-precision decimal arithmetic commonly used in financial and precision-sensitive applications, while Postgrex serves as the primary PostgreSQL adapter for Elixir projects. The specific technical details, severity ratings, and scope of affected versions remain unavailable in the current source material. Developers and platform operators using these libraries are advised to monitor the linked advisories on GitHub and OpenCVE for patched releases and mitigation guidance. The concurrent disclosure across both libraries suggests a coordinated vulnerability disclosure process, though the nature of the shared exposure—common dependency, similar vulnerability class, or simultaneous audit—has not been specified. Organizations running Elixir-based infrastructure should treat this as a priority update path and verify their dependency trees against the forthcoming patch releases.