CVE-2026-48860
Published 2026-06-10
Priority: P3 (41) · CVSS 3.1: 6.5 (medium) · vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.19% (9.3th percentile)
Reliance on IP Address for Authentication vulnerability in Erlang/OTP ssl (inet_tls_dist module) allows unauthenticated bypass of the distribution-over-TLS LAN allowlist.
The inet_tls_dist:check_ip/1 function, which enforces a LAN allowlist for Erlang distribution over TLS, calls inet:sockname/1 instead of inet:peername/1 to obtain the peer's IP address. Because inet:sockname/1 returns the local socket address, the local IP and the supposed peer IP resolve to the same value, so the subnet mask comparison always succeeds regardless of the actual remote address. Any holder of a CA-signed TLS certificate can therefore bypass the LAN restriction and gain full Erlang distribution access to the node, including rpc:call/4 and code:load_binary/3. The TLS handshake itself is not affected: the attacker still needs a certificate chaining to a CA the node trusts (hence PR:L in the NVD vector). What the bug removes is the second, network-locality gate that was meant to keep certificate holders outside the LAN off the node; distribution access is equivalent to code execution on the node.
The affected code is in lib/ssl/src/inet_tls_dist.erl.
Affected releases: OTP from 26.0 up to the fixes 27.3.4.13 (27 branch), 28.5.0.2 (28 branch) and 29.0.2 (29 branch); in terms of the ssl application, from 11.0 up to 11.2.12.9, 11.6.0.2 and 11.7.2 respectively. No separate fix is listed for OTP 26; the ranges below treat every 26.x release as affected.
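The mechanism above, as an added example that is not code from Erlang/OTP: a Python model of the check_ip logic in which the "peer" address is taken from the local socket name (what inet:sockname/1 returns) in the vulnerable variant and from the remote end (inet:peername/1) in the fixed one. The socket type, the interface table and all helper names are constructed for the example; the point it shows is that masking the local address against itself can never fail, whatever the real peer is.

```python
"""Model of the LAN allowlist check that CVE-2026-48860 describes.

Added example, not code from Erlang/OTP. It re-creates the check_ip logic
in Python so the effect of reading the local socket address (sockname)
instead of the remote one (peername) can be shown for arbitrary addresses.
FakeSocket, INTERFACES and the helper names are all constructed here.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class FakeSocket:
    """Constructed stand-in for an accepted distribution socket."""
    local: str   # what inet:sockname/1 would return (our own end)
    remote: str  # what inet:peername/1 would return (the real peer)

    def sockname(self) -> str:
        return self.local

    def peername(self) -> str:
        return self.remote


# Constructed local interface table: own address -> netmask. It plays the
# role of the interface list the real check consults for the subnet mask.
INTERFACES = {
    "10.0.0.5": "255.255.255.0",
    "192.168.1.20": "255.255.255.0",
    "fd00::5": "ffff:ffff:ffff:ffff::",
}


def masked(ip: str, netmask: str) -> int:
    """Address AND netmask: the subnet-mask comparison the CVE text refers to."""
    return int(ipaddress.ip_address(ip)) & int(ipaddress.ip_address(netmask))


def same_subnet(own_ip: str, peer_ip: str, interfaces=INTERFACES) -> bool:
    """True if peer_ip lies in the subnet of the local interface own_ip."""
    mask = interfaces[own_ip]
    return masked(own_ip, mask) == masked(peer_ip, mask)


def check_ip_vulnerable(sock: FakeSocket) -> bool:
    """The bug as described: both addresses come from sockname, so the
    comparison is own_ip against own_ip and cannot fail."""
    own_ip = sock.sockname()
    peer_ip = sock.sockname()  # should have been sock.peername()
    return same_subnet(own_ip, peer_ip)


def check_ip_fixed(sock: FakeSocket) -> bool:
    """The intended check: the peer address comes from peername."""
    own_ip = sock.sockname()
    peer_ip = sock.peername()
    return same_subnet(own_ip, peer_ip)


def demo() -> dict:
    """Run both variants against a LAN peer and two off-LAN peers.
    203.0.113.0/24 and 2001:db8::/32 are documentation ranges standing in
    for 'the internet'."""
    lan_peer = FakeSocket(local="10.0.0.5", remote="10.0.0.9")
    wan_peer = FakeSocket(local="10.0.0.5", remote="203.0.113.7")
    v6_wan_peer = FakeSocket(local="fd00::5", remote="2001:db8::1")
    return {
        "vulnerable_lan": check_ip_vulnerable(lan_peer),
        "vulnerable_wan": check_ip_vulnerable(wan_peer),
        "vulnerable_v6_wan": check_ip_vulnerable(v6_wan_peer),
        "fixed_lan": check_ip_fixed(lan_peer),
        "fixed_wan": check_ip_fixed(wan_peer),
        "fixed_v6_wan": check_ip_fixed(v6_wan_peer),
    }


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {'ACCEPT' if accepted else 'REJECT'}")
```

The vulnerable variant accepts all three peers; the fixed variant accepts only the 10.0.0.9 peer. Note that the check is only a locality filter on top of certificate authentication: a certificate the node's CA trusts is still required for the handshake to reach this point, which is why the bug matters most where certificates are issued broadly (a shared internal CA, for instance) and the LAN allowlist was relied on as the real boundary.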
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | erlang | — | — |
| erlang | erlang_otp | >= 26.0 < 27.3.4.13 | 27.3.4.13 |
| erlang | erlang_otp | >= 28.0 < 28.5.0.2 | 28.5.0.2 |
| erlang | erlang_otp | >= 29.0 < 29.0.2 | 29.0.2 |
| erlang | erlang_ssl | >= 11.0 < 11.2.12.9 | 11.2.12.9 |
| erlang | erlang_ssl | >= 11.6 < 11.6.0.2 | 11.6.0.2 |
| erlang | erlang_ssl | >= 11.7 < 11.7.2 | 11.7.2 |
| erlang | otp | >= 11.0 < * | * |
| erlang | otp | >= 26.0 < * | * |
| erlang | otp | >= 7a08c5507862a7011568506d0c17b1fdef30bee4 < 0209a6df65d605552b378273027b3968b35f26b4 | 0209a6df65d605552b378273027b3968b35f26b4 |
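A version check against the ranges in the table, added here as an example rather than as Erlang/OTP tooling. OTP orders versions numerically component by component (see the order-of-versions reference at the end of this page); the code below parses a version, compares it that way, and reports whether an OTP release or an ssl application version falls inside any affected [introduced, fixed) range. The ranges are copied from the table; the ssl.app text is a constructed sample, and padding shorter versions with zeros is our simplification.

```python
"""Check an Erlang/OTP or ssl version against the affected ranges for
CVE-2026-48860.

Added example, not Erlang/OTP tooling. OTP_RANGES and SSL_RANGES are the
rows of the table above; ordering is numeric per component. A shorter
version is compared as if padded with zeros (our simplification). The
sample ssl.app text is constructed; {vsn, "..."} is the standard .app key.
"""
import re
from typing import List, Tuple

Version = Tuple[int, ...]

# (introduced, fixed) per release branch: affected if introduced <= v < fixed.
OTP_RANGES: List[Tuple[str, str]] = [
    ("26.0", "27.3.4.13"),
    ("28.0", "28.5.0.2"),
    ("29.0", "29.0.2"),
]
SSL_RANGES: List[Tuple[str, str]] = [
    ("11.0", "11.2.12.9"),
    ("11.6", "11.6.0.2"),
    ("11.7", "11.7.2"),
]


def parse_version(text: str) -> Version:
    """'27.3.4.13' -> (27, 3, 4, 13). Rejects anything but dotted digits."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not an OTP-style version: {text!r}")
    return tuple(int(p) for p in parts)


def compare(a: Version, b: Version) -> int:
    """-1, 0 or 1 as a is before, equal to or after b."""
    width = max(len(a), len(b))
    a = a + (0,) * (width - len(a))
    b = b + (0,) * (width - len(b))
    return (a > b) - (a < b)


def is_affected(version: str, ranges: List[Tuple[str, str]]) -> bool:
    """True when version lies inside [introduced, fixed) of any range."""
    v = parse_version(version)
    return any(
        compare(parse_version(lo), v) <= 0 and compare(v, parse_version(hi)) < 0
        for lo, hi in ranges
    )


def ssl_vsn_from_app(app_text: str) -> str:
    """Pull the vsn string out of the contents of an ssl.app file."""
    m = re.search(r'\{\s*vsn\s*,\s*"([^"]+)"\s*\}', app_text)
    if not m:
        raise ValueError('no {vsn, "..."} entry found')
    return m.group(1)


# Constructed sample shaped like lib/ssl-<vsn>/ebin/ssl.app.
SAMPLE_SSL_APP = '''
{application, ssl,
 [{description, "Erlang/OTP SSL application"},
  {vsn, "11.7.1"},
  {modules, [ssl, inet_tls_dist]},
  {registered, []},
  {applications, [crypto, public_key, kernel, stdlib]}]}.
'''


def report(otp_version: str, ssl_app_text: str = SAMPLE_SSL_APP) -> dict:
    """Combine the OTP-level and ssl-level checks for one installation."""
    ssl_vsn = ssl_vsn_from_app(ssl_app_text)
    return {
        "otp": otp_version,
        "otp_affected": is_affected(otp_version, OTP_RANGES),
        "ssl": ssl_vsn,
        "ssl_affected": is_affected(ssl_vsn, SSL_RANGES),
    }


if __name__ == "__main__":
    for v in ("26.2.5", "27.3.4.12", "27.3.4.13", "28.5.0.1", "29.0.2", "25.3"):
        print(report(v))
```

In an installed release the full OTP version is in releases/<major>/OTP_VERSION and the ssl version in the lib/ssl-<vsn> directory name or its ebin/ssl.app; a running node answers application:get_key(ssl, vsn) once ssl is loaded. Check by OTP version rather than ssl version where you can: the ssl rows above leave 11.3 through 11.5 uncovered even though the description says every ssl release from 11.0 is affected, so `is_affected("11.4.1", SSL_RANGES)` returns False only because of that gap in the table.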
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| nvd | 4.0 | 7.5 | HIGH | CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| vendor_redhat | — | 6.5 | MEDIUM | — |
The two NVD vectors disagree: the 3.1 vector rates the attack as network-reachable with a confidentiality-only impact, while the 4.0 vector rates it adjacent-network with preconditions (AT:P) and high impact on confidentiality, integrity and availability. The description (rpc:call/4 and code:load_binary/3 on the node) matches the 4.0 impact; whether the attack is network or adjacent depends on whether the TLS distribution listener is reachable from outside the LAN at all.
Red Hat
vendor_redhat · 2026-06-10 · CVSS 6.5 (MEDIUM) · CWE-303
erlang: Erlang/OTP: Authentication bypass allows arbitrary code execution via improper IP address validation
Description: same text as the CNA description above.
VulDB
vuldb · 2026-06-10 · CVSS 7.5 (HIGH)
Erlang OTP TLS Certificate inet_tls_dist.erl comparison using wrong factors (GHSA-gp7x-mfv6-52cv)
A vulnerability was found in Erlang OTP. It has been rated as problematic. This issue affects some unknown processing in the library lib/ssl/src/inet_tls_dist.erl of the component TLS Certificate Handler. Performing a manipulation results in comparison using wrong factors.
This vulnerability is cataloged as CVE-2026-48860. The attack must originate from the local network. There is no exploit available.
Upgrading the affected component is advised.
No detection rules found.
No public exploits indexed.
Bugzilla
bugzilla · 2026-06-18 · CVSS 6.5 (MEDIUM)
CVE-2026-48860 erlang: Erlang/OTP: Authentication bypass allows arbitrary code execution via improper IP address validation [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Bugzilla
bugzilla · 2026-06-18 · CVSS 6.5 (MEDIUM)
CVE-2026-48860 erlang: Erlang/OTP: Authentication bypass allows arbitrary code execution via improper IP address validation [epel-all]
Bugzilla
bugzilla · 2026-06-10 · CVSS 6.5 (MEDIUM)
CVE-2026-48860 erlang: Erlang/OTP: Authentication bypass allows arbitrary code execution via improper IP address validation
Description: same text as the CNA description above.
References
- https://cna.erlef.org/cves/CVE-2026-48860.html
- https://github.com/erlang/otp/commit/0209a6df65d605552b378273027b3968b35f26b4
- https://github.com/erlang/otp/security/advisories/GHSA-gp7x-mfv6-52cv
- https://osv.dev/vulnerability/EEF-CVE-2026-48860
- https://www.erlang.org/doc/system/versions.html#order-of-versions
Published 2026-06-10