Lucene search
+L

CVE-2026-21620 TFTP Path Traversal

🗓️ 20 Feb 2026 10:57:08Reported by EEFType 
cvelist
 cvelist
🔗 www.cve.org👁 24 Views

CVE-2026-21620 allows relative path traversal in TFTP file handling across Erlang OTP modules.

Related
Affected
Refs
ReporterTitlePublishedViews
Family
ibm
Security Bulletin: Relative Path Traversal, Improper Isolation or Compartmentalization vulnerability in erlang otp
18 May 202606:37
ibm
attackerkb
CVE-2026-21620
20 Feb 202610:57
attackerkb
cbl_mariner
CVE-2026-21620 affecting package erlang for versions less than 26.2.5.17-1
10 Mar 202622:56
cbl_mariner
circl
CVE-2026-21620
27 Feb 202614:05
circl
cnnvd
Erlang/OTP 安全漏洞
20 Feb 202600:00
cnnvd
cve
CVE-2026-21620
20 Feb 202610:57
cve
debian
[SECURITY] [DLA 4590-1] erlang security update
19 May 202600:07
debian
debiancve
CVE-2026-21620
20 Feb 202610:57
debiancve
nessus
Debian dla-4590 : erlang - security update
19 May 202600:00
nessus
nessus
Fedora 43 : erlang (2026-8a15e7a423)
5 Mar 202600:00
nessus
Rows per page
[
  {
    "collectionURL": "https://github.com",
    "cpes": [
      "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*"
    ],
    "defaultStatus": "unaffected",
    "modules": [
      "tftp_file"
    ],
    "packageName": "erlang/otp",
    "packageURL": "pkg:github/erlang/otp",
    "product": "OTP",
    "programFiles": [
      "lib/tftp/src/tftp_file.erl"
    ],
    "repo": "https://github.com/erlang/otp",
    "vendor": "Erlang",
    "versions": [
      {
        "changes": [
          {
            "at": "26.2.5.17",
            "status": "unaffected"
          },
          {
            "at": "27.3.4.8",
            "status": "unaffected"
          },
          {
            "at": "28.3.2",
            "status": "unaffected"
          }
        ],
        "lessThan": "*",
        "status": "affected",
        "version": "17.0",
        "versionType": "otp"
      },
      {
        "changes": [
          {
            "at": "655fb95725ba2fb811740b57e106873833824344",
            "status": "unaffected"
          },
          {
            "at": "3970738f687325138eb75f798054fa8960ac354e",
            "status": "unaffected"
          },
          {
            "at": "696fdec922661d4a3cc528fc34bc24fae8d4ad8a",
            "status": "unaffected"
          }
        ],
        "lessThan": "*",
        "status": "affected",
        "version": "07b8f441ca711f9812fad9e9115bab3c3aa92f79",
        "versionType": "git"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "modules": [
      "tftp_file"
    ],
    "packageName": "inets",
    "packageURL": "pkg:otp/inets?repository_url=https:%2F%2Fgithub.com%2Ferlang%2Fotp&vcs_url=git%20https:%2F%2Fgithub.com%2Ferlang%2Fotp.git",
    "product": "OTP",
    "programFiles": [
      "src/tftp_file.erl"
    ],
    "repo": "https://github.com/erlang/otp",
    "vendor": "Erlang",
    "versions": [
      {
        "lessThan": "7.0",
        "status": "affected",
        "version": "5.10",
        "versionType": "otp"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "modules": [
      "tftp_file"
    ],
    "packageName": "tftp",
    "packageURL": "pkg:otp/tftp?repository_url=https:%2F%2Fgithub.com%2Ferlang%2Fotp&vcs_url=git%20https:%2F%2Fgithub.com%2Ferlang%2Fotp.git",
    "product": "OTP",
    "programFiles": [
      "src/tftp_file.erl"
    ],
    "repo": "https://github.com/erlang/otp",
    "vendor": "Erlang",
    "versions": [
      {
        "changes": [
          {
            "at": "1.1.1.1",
            "status": "unaffected"
          },
          {
            "at": "1.2.2.1",
            "status": "unaffected"
          },
          {
            "at": "1.2.4",
            "status": "unaffected"
          }
        ],
        "lessThan": "*",
        "status": "affected",
        "version": "1.0",
        "versionType": "otp"
      }
    ]
  }
]

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation