cvebase

Erlang/OTP vulnerabilities

28 known vulnerabilities affecting erlang/otp.

Total CVEs: 28
CISA KEV: 1 (actively exploited)
Public exploits: 1
Exploited in the wild: 1
Severity breakdown: CRITICAL 3, HIGH 6, MEDIUM 15, LOW 4

Vulnerabilities

Page 1 of 2
CVE-2025-32433 | P1 | CRITICAL | CVSS 10.0 | KEV, PoC, Ransomware | Affected: ≥ OTP-27.0-rc1, < OTP-27.3.3; ≥ OTP-26.0-rc1, < OTP-26.2.5.11; +1 more | Published 2025-04-16
CWE-306. Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, an SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems a
Source: nvd

CVE-2026-28808 | P2 | CRITICAL | CVSS 9.8 | Affected: ≥ 5.10, < *; ≥ 17.0, < *; +1 more | Published 2026-04-07
CWE-863. Incorrect Authorization vulnerability in Erlang OTP (inets modules) allows unauthenticated access to CGI scripts protected by directory rules when served via script_alias. When script_alias maps a URL prefix to a directory outside DocumentRoot, mod_auth evaluates directory-based access controls against the DocumentRoot-relative path while mod_cgi
Source: nvd

CVE-2026-23941 | P2 | CRITICAL | CVSS 9.4 | Affected: ≥ 5.10, < *; ≥ 17.0, < *; +1 more | Published 2026-03-13
CWE-444. Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Erlang OTP (inets httpd module) allows HTTP Request Smuggling. This vulnerability is associated with program files lib/inets/src/http_server/httpd_request.erl and program routines httpd_request:parse_headers/7. The server does not reject or normalize duplicat
Source: nvd

CVE-2026-49759 | P3 | HIGH | CVSS 8.2 | Affected: ≥ 6.0, < *; ≥ 17.0, < *; +1 more | Published 2026-06-10
CWE-121. Stack-based Buffer Overflow vulnerability in Erlang OTP erts (inet_drv) allows an unauthenticated remote attacker to crash the BEAM VM by sending a crafted SCTP ERROR chunk. The sctp_parse_error_chunk function in erts/emulator/drivers/common/inet_drv.c parses SCTP ERROR chunks and writes cause codes into a fixed-size stack-allocated ErlDrvTermData sp
Source: nvd

CVE-2026-32144 | P3 | HIGH | CVSS 7.4 | Affected: ≥ 1.16, < *; ≥ 11.2, < *; +2 more | Published 2026-04-07
CWE-295. Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_ocsp module) allows OCSP designated-responder authorization bypass via missing signature verification. The OCSP response validation in public_key:pkix_ocsp_validate/5 does not verify that a CA-designated responder certificate was cryptographically signed by the issuing CA.
Source: nvd

CVE-2026-42790 | P3 | HIGH | CVSS 8.1 | Affected: ≥ 1.4, < *; ≥ 19.3, < *; +1 more | Published 2026-05-27
CWE-295. Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_cert and public_key modules) allows a DNS nameConstraints bypass via subject CommonName fallback in TLS hostname verification. Two flaws combine to allow a subordinate CA whose DNS nameConstraints are restricted (e.g. permitted;DNS:allowed.example.com) to issue a leaf cert
Source: nvd

CVE-2026-48856 | P3 | MEDIUM | CVSS 6.5 | Affected: ≥ 5.10, < *; ≥ 17.0, < *; +1 more | Published 2026-06-10
CWE-601. Sensitive Data Exposure vulnerability in Erlang OTP inets (httpc_response module) allows Retrieve Embedded Sensitive Data. The httpc client forwards the Authorization and Proxy-Authorization request headers to redirect targets without checking whether the redirect crosses an origin boundary. httpc_response:redirect/2 constructs the redirected reque
Source: nvd

CVE-2026-48855 | P3 | MEDIUM | CVSS 6.5 | Affected: ≥ 3.0.1, < *; ≥ 17.0, < *; +1 more | Published 2026-06-10
CWE-200. Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Erlang OTP ssh (ssh_sftpd module) allows File Discovery. The SSH_FXP_READLINK handler in ssh_sftpd sends the raw result of file:read_link/2 to the client without calling chroot_filename/2 to strip the backend root prefix. An authenticated SFTP client can create a symlink in
Source: nvd

CVE-2026-48858 | P3 | MEDIUM | CVSS 6.5 | Affected: ≥ 5.10.4, < 7.0; ≥ 1.0, < *; +2 more | Published 2026-06-10
CWE-918. Server-Side Request Forgery (SSRF) vulnerability in Erlang/OTP ftp (ftp_internal module) allows FTP bounce attacks and SSRF via an unvalidated PASV response IP address. The ftp_internal:handle_ctrl_result/2 PASV handler (mode=passive, ipfamily=inet, ftp_extension=false) extracts the IP address from the server's 227 response and passes it directly to
Source: nvd

CVE-2026-48860 | P3 | MEDIUM | CVSS 6.5 | Affected: ≥ 11.0, < *; ≥ 26.0, < *; +1 more | Published 2026-06-10
CWE-863. Reliance on IP Address for Authentication vulnerability in Erlang/OTP ssl (inet_tls_dist module) allows unauthenticated bypass of the distribution-over-TLS LAN allowlist. The inet_tls_dist:check_ip/1 function, which enforces a LAN allowlist for Erlang distribution over TLS, calls inet:sockname/1 instead of inet:peername/1 to obtain the peer's IP ad
Source: nvd

CVE-2025-30211 | P3 | HIGH | CVSS 7.5 | Fixed in OTP-27.3.1; fixed in OTP-26.2.5.10; +1 more | Published 2025-03-28
CWE-789. Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.1, 26.2.5.10, and 25.3.2.19, a maliciously formed KEX init message can result in high memory usage. The implementation does not verify the RFC-specified limits on algorithm names (64 characters) provided in the KEX init message. A big KEX init packet may lead to ineffi
Source: nvd

CVE-2025-48041 | P3 | HIGH | CVSS 7.1 | Affected: ≥ 3.0.1, < *; ≥ 17.0, < *; +1 more | Published 2025-09-11
CWE-400. Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Flooding. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl. This issue affects OTP from OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2
Source: nvd

CVE-2025-48040 | P3 | MEDIUM | CVSS 6.9 | Affected: ≥ 3.0.1, < *; ≥ 17.0, < *; +1 more | Published 2025-09-11
CWE-400. Uncontrolled Resource Consumption vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Flooding. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl. This issue affects OTP from OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.1
Source: nvd

CVE-2025-26618 | P3 | HIGH | CVSS 7.0 | Affected: ≥ OTP-27.0.0, < OTP-27.2.4; ≥ OTP-26.0.0.0, < OTP-26.2.5.9; +1 more | Published 2025-02-20
CWE-789. Erlang is a programming language and runtime system for building massively scalable soft real-time systems with requirements on high availability. OTP is a set of Erlang libraries, which consists of the Erlang runtime system and a number of ready-to-use components mainly written in Erlang. Packet size is not verified properly for SFTP packets. As a resul
Source: nvd

CVE-2026-23942 | P3 | MEDIUM | CVSS 5.4 | Affected: ≥ 3.0.1, < *; ≥ 17.0, < *; +1 more | Published 2026-03-13
CWE-22. Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (ssh_sftpd module) allows Path Traversal. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl and program routines ssh_sftpd:is_within_root/2. The SFTP server uses string prefix matching via lists:prefix/2 rather than
Source: nvd

CVE-2026-48859 | P3 | MEDIUM | CVSS 5.3 | Affected: ≥ 6.0, < 6.0.1; ≥ 29.0, < 29.0.2; +1 more | Published 2026-06-10
CWE-208. Observable Timing Discrepancy vulnerability in Erlang/OTP ssh (ssh_auth, ssh_options modules) allows unauthenticated remote username enumeration via a timing side-channel in password authentication. When the SSH daemon is configured with the user_passwords or password option, ssh_auth:check_password/3 performs a PBKDF2-SHA256 computation with 600,000
Source: nvd

CVE-2026-23943 | P4 | MEDIUM | CVSS 5.3 | Affected: ≥ 3.0.1, < *; ≥ 17.0, < *; +1 more | Published 2026-03-13
CWE-409. Improper Handling of Highly Compressed Data (Compression Bomb) vulnerability in Erlang OTP ssh (ssh_transport modules) allows Denial of Service via Resource Depletion. The SSH transport layer advertises legacy zlib compression by default and inflates attacker-controlled payloads pre-authentication without any size limit, enabling reliable memory ex
Source: nvd

CVE-2025-48038 | P4 | MEDIUM | CVSS 5.3 | Affected: ≥ 3.0.1, < *; ≥ 17.0, < *; +1 more | Published 2025-09-11
CWE-400. Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Resource Leak Exposure. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl. This issue affects OTP from OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1
Source: nvd

CVE-2025-48039 | P4 | MEDIUM | CVSS 5.3 | Affected: ≥ 3.0.1, < *; ≥ 17.0, < *; +1 more | Published 2025-09-11
CWE-400. Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Resource Leak Exposure. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl. This issue affects OTP from OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1
Source: nvd

CVE-2026-42789 | P4 | MEDIUM | CVSS 4.8 | Affected: ≥ 0.22, < *; ≥ 17.0, < *; +1 more | Published 2026-05-27
CWE-295. Improper Following of a Certificate's Chain of Trust vulnerability in Erlang OTP public_key (pubkey_cert module) allows a non-CA certificate to be accepted as an intermediate issuer, enabling certificate chain forgery. In lib/public_key/src/pubkey_cert.erl, pubkey_cert:validate_extensions/7 contains two flaws that together allow a certificate with
Source: nvd