Erlang Otp vulnerabilities
29 known vulnerabilities affecting erlang/erlang_otp.
Total CVEs
29
CISA KEV
1
actively exploited
Public exploits
2
Exploited in wild
2
Severity breakdown
CRITICAL5HIGH8MEDIUM14LOW2
Vulnerabilities
Page 1 of 2
CVE-2025-32433P1CRITICALCVSS 10.0KEVPoCRansomwarefixed in 25.3.2.20≥ 26.0, < 26.2.5.11+1 more2025-04-16
CVE-2025-32433 [CRITICAL] CWE-306 CVE-2025-32433: Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3,
Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems a
nvdosv
CVE-2023-48795P1MEDIUMCVSS 5.9ExploitedPoCfixed in 22.3.4.27≥ 23.0, < 23.3.4.20+3 more2023-12-18
CVE-2023-48795 [MEDIUM] CWE-354 CVE-2023-48795: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other pr
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgr
nvdosv
CVE-2026-28808P2CRITICALCVSS 9.8≥ 17.0, < 26.2.5.19≥ 27.0, < 27.3.4.10+1 more2026-04-07
CVE-2026-28808 [CRITICAL] CWE-863 CVE-2026-28808: Incorrect Authorization vulnerability in Erlang OTP (inets modules) allows unauthenticated access to
Incorrect Authorization vulnerability in Erlang OTP (inets modules) allows unauthenticated access to CGI scripts protected by directory rules when served via script_alias.
When script_alias maps a URL prefix to a directory outside DocumentRoot, mod_auth evaluates directory-based access controls against the DocumentRoot-relative path while mod_cgi
nvd
CVE-2026-23941P2CRITICALCVSS 9.4≥ 17.0, < 26.2.5.18≥ 27.0, < 27.3.4.9+1 more2026-03-13
CVE-2026-23941 [CRITICAL] CWE-444 CVE-2026-23941: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Erlang OTP
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Erlang OTP (inets httpd module) allows HTTP Request Smuggling.
This vulnerability is associated with program files lib/inets/src/http_server/httpd_request.erl and program routines httpd_request:parse_headers/7.
The server does not reject or normalize duplicat
nvd
CVE-2022-37026P3CRITICALCVSS 9.8fixed in 23.3.4.15≥ 24.0, < 24.3.4.2+1 more2022-09-21
CVE-2022-37026 [CRITICAL] CVE-2022-37026: In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Auth
In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Authentication Bypass in certain client-certification situations for SSL, TLS, and DTLS.
nvdosv
CVE-2026-49759P3HIGHCVSS 8.2≥ 17.0, < 27.3.4.13≥ 28.0, < 28.5.0.2+1 more2026-06-10
CVE-2026-49759 [HIGH] CWE-121 CVE-2026-49759: Stack-based Buffer Overflow vulnerability in Erlang OTP erts (inet_drv) allows an unauthenticated re
Stack-based Buffer Overflow vulnerability in Erlang OTP erts (inet_drv) allows an unauthenticated remote attacker to crash the BEAM VM by sending a crafted SCTP ERROR chunk.
The sctp_parse_error_chunk function in erts/emulator/drivers/common/inet_drv.c parses SCTP ERROR chunks and writes cause codes into a fixed-size stack-allocated ErlDrvTermData sp
nvd
CVE-2020-25623P3HIGHCVSS 7.5≥ 22.3.0, < 22.3.4.6≥ 23.0.0, < 23.12020-10-02
CVE-2020-25623 [HIGH] CWE-22 CVE-2020-25623: Erlang/OTP 22.3.x before 22.3.4.6 and 23.x before 23.1 allows Directory Traversal. An attacker can s
Erlang/OTP 22.3.x before 22.3.4.6 and 23.x before 23.1 allows Directory Traversal. An attacker can send a crafted HTTP request to read arbitrary files, if httpd in the inets application is used.
nvdosv
CVE-2026-32144P3HIGHCVSS 7.4≥ 27.0, < 27.3.4.10≥ 28.0, < 28.4.22026-04-07
CVE-2026-32144 [HIGH] CWE-295 CVE-2026-32144: Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_ocsp module) allows O
Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_ocsp module) allows OCSP designated-responder authorization bypass via missing signature verification.
The OCSP response validation in public_key:pkix_ocsp_validate/5 does not verify that a CA-designated responder certificate was cryptographically signed by the issuing CA.
nvd
CVE-2016-10253P3CRITICALCVSS 9.8v18.0v18.0.1+61 more2017-03-18
CVE-2016-10253 [CRITICAL] CWE-119 CVE-2016-10253: An issue was discovered in Erlang/OTP 18.x. Erlang's generation of compiled regular expressions is v
An issue was discovered in Erlang/OTP 18.x. Erlang's generation of compiled regular expressions is vulnerable to a heap overflow. Regular expressions using a malformed extpattern can indirectly specify an offset that is used as an array index. This ordinal permits arbitrary regions within the erts_alloc arena to be both read and written to.
nvdosv
CVE-2017-1000385P3MEDIUMCVSS 5.9v18.3.4.7v19.3.6.4+1 more2017-12-12
CVE-2017-1000385 [MEDIUM] CWE-203 CVE-2017-1000385: The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS
The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 1.5 padding. This allows an attacker to decrypt content or sign messages with the server's private key (this is a variation of the Bleichenbacher attack).
nvdosv
CVE-2026-42790P3HIGHCVSS 8.1≥ 19.3, < 26.2.5.21≥ 27.0, < 27.3.4.12+2 more2026-05-27
CVE-2026-42790 [HIGH] CWE-295 CVE-2026-42790: Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_cert and public_key m
Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_cert and public_key modules) allows a DNS nameConstraints bypass via subject CommonName fallback in TLS hostname verification.
Two flaws combine to allow a subordinate CA whose DNS nameConstraints are restricted (e.g. permitted;DNS:allowed.example.com) to issue a leaf cert
nvd
CVE-2014-1693P3HIGHCVSS 7.5vr15b032014-12-08
CVE-2014-1693 [HIGH] CVE-2014-1693: Multiple CRLF injection vulnerabilities in the FTP module in Erlang/OTP R15B03 allow context-depende
Multiple CRLF injection vulnerabilities in the FTP module in Erlang/OTP R15B03 allow context-dependent attackers to inject arbitrary FTP commands via CRLF sequences in the (1) user, (2) account, (3) cd, (4) ls, (5) nlist, (6) rename, (7) delete, (8) mkdir, (9) rmdir, (10) recv, (11) recv_bin, (12) recv_chunk_start, (13) send, (14) send_bin, (15) send_chunk_star
nvdosv
CVE-2026-48856P3MEDIUMCVSS 6.5≥ 17.0, < 27.3.4.13≥ 28.0, < 28.5.0.2+1 more2026-06-10
CVE-2026-48856 [MEDIUM] CWE-601 CVE-2026-48856: Sensitive Data Exposure vulnerability in Erlang OTP inets (httpc_response module) allows Retrieve Em
Sensitive Data Exposure vulnerability in Erlang OTP inets (httpc_response module) allows Retrieve Embedded Sensitive Data.
The httpc client forwards the Authorization and Proxy-Authorization request headers to redirect targets without checking whether the redirect crosses an origin boundary. httpc_response:redirect/2 constructs the redirected reque
nvd
CVE-2026-48855P3MEDIUMCVSS 6.5≥ 17.0, < 27.3.4.13≥ 28.0, < 28.5.0.2+1 more2026-06-10
CVE-2026-48855 [MEDIUM] CWE-200 CVE-2026-48855: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Erlang OTP ssh (ssh_sftp
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Erlang OTP ssh (ssh_sftpd module) allows File Discovery.
The SSH_FXP_READLINK handler in ssh_sftpd sends the raw result of file:read_link/2 to the client without calling chroot_filename/2 to strip the backend root prefix. An authenticated SFTP client can create a symlink in
nvd
CVE-2026-48858P3MEDIUMCVSS 6.5≥ 17.4, < 27.3.4.13≥ 28.0, < 28.5.0.2+1 more2026-06-10
CVE-2026-48858 [MEDIUM] CWE-918 CVE-2026-48858: Server-Side Request Forgery (SSRF) vulnerability in Erlang/OTP ftp (ftp_internal module) allows FTP
Server-Side Request Forgery (SSRF) vulnerability in Erlang/OTP ftp (ftp_internal module) allows FTP bounce attacks and SSRF via an unvalidated PASV response IP address.
The ftp_internal:handle_ctrl_result/2 PASV handler (mode=passive, ipfamily=inet, ftp_extension=false) extracts the IP address from the server's 227 response and passes it directly to
nvd
CVE-2026-48860P3MEDIUMCVSS 6.5≥ 26.0, < 27.3.4.13≥ 28.0, < 28.5.0.2+1 more2026-06-10
CVE-2026-48860 [MEDIUM] CWE-863 CVE-2026-48860: Reliance on IP Address for Authentication vulnerability in Erlang/OTP ssl (inet_tls_dist module) all
Reliance on IP Address for Authentication vulnerability in Erlang/OTP ssl (inet_tls_dist module) allows unauthenticated bypass of the distribution-over-TLS LAN allowlist.
The inet_tls_dist:check_ip/1 function, which enforces a LAN allowlist for Erlang distribution over TLS, calls inet:sockname/1 instead of inet:peername/1 to obtain the peer's IP ad
nvd
CVE-2020-35733P3HIGHCVSS 7.5fixed in 23.2.22021-01-15
CVE-2020-35733 [HIGH] CWE-295 CVE-2020-35733: An issue was discovered in Erlang/OTP before 23.2.2. The ssl application 10.2 accepts and trusts an
An issue was discovered in Erlang/OTP before 23.2.2. The ssl application 10.2 accepts and trusts an invalid X.509 certificate chain to a trusted root Certification Authority.
nvdosv
CVE-2026-23942P3MEDIUMCVSS 5.4≥ 17.0, < 26.2.5.18≥ 27.0, < 27.3.4.9+1 more2026-03-13
CVE-2026-23942 [MEDIUM] CWE-22 CVE-2026-23942: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erla
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (ssh_sftpd module) allows Path Traversal.
This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl and program routines ssh_sftpd:is_within_root/2.
The SFTP server uses string prefix matching via lists:prefix/2 rather than
nvd
CVE-2026-48859P3MEDIUMCVSS 5.3≥ 29.0, < 29.0.22026-06-10
CVE-2026-48859 [MEDIUM] CWE-208 CVE-2026-48859: Observable Timing Discrepancy vulnerability in Erlang/OTP ssh (ssh_auth, ssh_options modules) allows
Observable Timing Discrepancy vulnerability in Erlang/OTP ssh (ssh_auth, ssh_options modules) allows unauthenticated remote username enumeration via timing side-channel in password authentication.
When the SSH daemon is configured with the user_passwords or password option, ssh_auth:check_password/3 performs a PBKDF2-SHA256 computation with 600,000
nvd
CVE-2011-0766P4HIGHCVSS 7.8vr11b-5vr12b-5+8 more2011-05-31
CVE-2011-0766 [HIGH] CWE-310 CVE-2011-0766: The random number generator in the Crypto application before 2.0.2.2, and SSH before 2.0.5, as used
The random number generator in the Crypto application before 2.0.2.2, and SSH before 2.0.5, as used in the Erlang/OTP ssh library before R14B03, uses predictable seeds based on the current time, which makes it easier for remote attackers to guess DSA host and SSH session keys.
nvdosv
1 / 2Next →