Linux Distros Unpatched Vulnerability : CVE-2026-48856

🗓️ 11 Jun 2026 00:00:00Reported by TenableType
Unpatched Erlang inets vulnerability leaks credentials via cross origin redirects.
Reporter	Title	Published	Views	Family All 12
CVE	CVE-2026-48856	10 Jun 202614:41	–	cve
Cvelist	CVE-2026-48856 httpc leaks Authorization header to cross-origin redirect targets	10 Jun 202614:41	–	cvelist
FreeBSD	Erlang/OTP -- httpc leaks authentication headers on cross-host redirect	10 Jun 202600:00	–	freebsd
Debian CVE	CVE-2026-48856	10 Jun 202614:41	–	debiancve
EUVD	EUVD-2026-36058	10 Jun 202614:41	–	euvd
Tenable Nessus	FreeBSD : Erlang/OTP -- httpc leaks authentication headers on cross-host redirect (d87e2466-64d4-11f1-ab11-4c526214c986)	11 Jun 202600:00	–	nessus
NVD	CVE-2026-48856	10 Jun 202616:17	–	nvd
OSV	DEBIAN-CVE-2026-48856	10 Jun 202622:47	–	osv
OSV	EEF-CVE-2026-48856 httpc leaks Authorization header to cross-origin redirect targets	10 Jun 202614:41	–	osv
OSV	UBUNTU-CVE-2026-48856	11 Jun 202600:00	–	osv
Source	Link
security-tracker	www.security-tracker.debian.org/tracker/CVE-2026-48856
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(320495);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/06/11");

  script_cve_id("CVE-2026-48856");

  script_name(english:"Linux Distros Unpatched Vulnerability : CVE-2026-48856");

  script_set_attribute(attribute:"synopsis", value:
"The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be
patched.");
  script_set_attribute(attribute:"description", value:
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied
patch available.

  - Sensitive Data Exposure vulnerability in Erlang OTP inets (httpc_response module) allows Retrieve Embedded
    Sensitive Data. The httpc client forwards the Authorization and Proxy-Authorization request headers to
    redirect targets without checking whether the redirect crosses an origin boundary.
    httpc_response:redirect/2 constructs the redirected request by updating only the host field of the header
    record; all other fields (including authorization and proxy_authorization) are copied verbatim. The
    redirect target host is never compared against the original host. autoredirect defaults to true, so this
    affects all httpc callers that do not explicitly disable automatic redirects. An attacker who controls a
    server that the victim contacts via httpc can issue a cross-origin 3xx redirect to a server they also
    control. The Authorization header (including Basic credentials derived from URL userinfo via
    httpc_request:handle_user_info/2) is forwarded to the redirect target, allowing credential theft. The same
    applies to the Proxy-Authorization header. This vulnerability is associated with program files
    lib/inets/src/http_client/httpc_response.erl. This issue affects OTP from 17.0 before 29.0.2, 28.5.0.2 and
    27.3.4.13 corresponding to inets from 5.10 before 9.7.1, 9.6.2.2 and 9.3.2.6. (CVE-2026-48856)

Note that Nessus relies on the presence of the package as reported by the vendor.");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2026-48856");
  script_set_attribute(attribute:"solution", value:
"There is no known solution at this time.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:U/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:U/RC:C");
  script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N");
  script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:U");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2026-48856");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"vendor_unpatched", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2026/06/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/06/11");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:11.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:12.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:13.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:14.0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl", "set_linux_os_id.nasl");
  script_require_keys("Host/cpu", "Host/local_checks_enabled", "global_settings/vendor_unpatched", "Host/OS/identifier");
  script_require_ports("Host/OS/Debian Linux-11", "Host/OS/Debian Linux-12", "Host/OS/Debian Linux-13", "Host/OS/Debian Linux-14");

  exit(0);
}

if (!get_kb_item("global_settings/vendor_unpatched")) exit(0, "Unpatched Vulnerabilities Detection not active.");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (empty_or_null(get_one_kb_item("Host/Debian/dpkg-l"))) audit(AUDIT_PACKAGE_LIST_MISSING);

include('linux_unpatched.inc');

var distro_constraints_array = {
  "Debian Linux-12": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "12",
        "pkgs": [
          {"reference": "erlang"},
          {"reference": "erlang-asn1"},
          {"reference": "erlang-base"},
          {"reference": "erlang-common-test"},
          {"reference": "erlang-crypto"},
          {"reference": "erlang-debugger"},
          {"reference": "erlang-dev"},
          {"reference": "erlang-dialyzer"},
          {"reference": "erlang-diameter"},
          {"reference": "erlang-doc"},
          {"reference": "erlang-edoc"},
          {"reference": "erlang-eldap"},
          {"reference": "erlang-erl-docgen"},
          {"reference": "erlang-et"},
          {"reference": "erlang-eunit"},
          {"reference": "erlang-examples"},
          {"reference": "erlang-ftp"},
          {"reference": "erlang-inets"},
          {"reference": "erlang-jinterface"},
          {"reference": "erlang-manpages"},
          {"reference": "erlang-megaco"},
          {"reference": "erlang-mnesia"},
          {"reference": "erlang-mode"},
          {"reference": "erlang-nox"},
          {"reference": "erlang-observer"},
          {"reference": "erlang-odbc"},
          {"reference": "erlang-os-mon"},
          {"reference": "erlang-parsetools"},
          {"reference": "erlang-public-key"},
          {"reference": "erlang-reltool"},
          {"reference": "erlang-runtime-tools"},
          {"reference": "erlang-snmp"},
          {"reference": "erlang-src"},
          {"reference": "erlang-ssh"},
          {"reference": "erlang-ssl"},
          {"reference": "erlang-syntax-tools"},
          {"reference": "erlang-tftp"},
          {"reference": "erlang-tools"},
          {"reference": "erlang-wx"},
          {"reference": "erlang-x11"},
          {"reference": "erlang-xmerl"}
        ]
      }
    ]
  },
  "Debian Linux-11": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "11",
        "pkgs": [
          {"reference": "erlang"},
          {"reference": "erlang-asn1"},
          {"reference": "erlang-base"},
          {"reference": "erlang-base-hipe"},
          {"reference": "erlang-common-test"},
          {"reference": "erlang-crypto"},
          {"reference": "erlang-debugger"},
          {"reference": "erlang-dev"},
          {"reference": "erlang-dialyzer"},
          {"reference": "erlang-diameter"},
          {"reference": "erlang-doc"},
          {"reference": "erlang-edoc"},
          {"reference": "erlang-eldap"},
          {"reference": "erlang-erl-docgen"},
          {"reference": "erlang-et"},
          {"reference": "erlang-eunit"},
          {"reference": "erlang-examples"},
          {"reference": "erlang-ftp"},
          {"reference": "erlang-inets"},
          {"reference": "erlang-jinterface"},
          {"reference": "erlang-manpages"},
          {"reference": "erlang-megaco"},
          {"reference": "erlang-mnesia"},
          {"reference": "erlang-mode"},
          {"reference": "erlang-nox"},
          {"reference": "erlang-observer"},
          {"reference": "erlang-odbc"},
          {"reference": "erlang-os-mon"},
          {"reference": "erlang-parsetools"},
          {"reference": "erlang-public-key"},
          {"reference": "erlang-reltool"},
          {"reference": "erlang-runtime-tools"},
          {"reference": "erlang-snmp"},
          {"reference": "erlang-src"},
          {"reference": "erlang-ssh"},
          {"reference": "erlang-ssl"},
          {"reference": "erlang-syntax-tools"},
          {"reference": "erlang-tftp"},
          {"reference": "erlang-tools"},
          {"reference": "erlang-wx"},
          {"reference": "erlang-x11"},
          {"reference": "erlang-xmerl"}
        ]
      }
    ]
  },
  "Debian Linux-13": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "13",
        "pkgs": [
          {"reference": "erlang"},
          {"reference": "erlang-asn1"},
          {"reference": "erlang-base"},
          {"reference": "erlang-common-test"},
          {"reference": "erlang-crypto"},
          {"reference": "erlang-debugger"},
          {"reference": "erlang-dev"},
          {"reference": "erlang-dialyzer"},
          {"reference": "erlang-diameter"},
          {"reference": "erlang-doc"},
          {"reference": "erlang-edoc"},
          {"reference": "erlang-eldap"},
          {"reference": "erlang-et"},
          {"reference": "erlang-eunit"},
          {"reference": "erlang-examples"},
          {"reference": "erlang-ftp"},
          {"reference": "erlang-inets"},
          {"reference": "erlang-jinterface"},
          {"reference": "erlang-megaco"},
          {"reference": "erlang-mnesia"},
          {"reference": "erlang-mode"},
          {"reference": "erlang-nox"},
          {"reference": "erlang-observer"},
          {"reference": "erlang-odbc"},
          {"reference": "erlang-os-mon"},
          {"reference": "erlang-parsetools"},
          {"reference": "erlang-public-key"},
          {"reference": "erlang-reltool"},
          {"reference": "erlang-runtime-tools"},
          {"reference": "erlang-snmp"},
          {"reference": "erlang-src"},
          {"reference": "erlang-ssh"},
          {"reference": "erlang-ssl"},
          {"reference": "erlang-syntax-tools"},
          {"reference": "erlang-tftp"},
          {"reference": "erlang-tools"},
          {"reference": "erlang-wx"},
          {"reference": "erlang-x11"},
          {"reference": "erlang-xmerl"}
        ]
      }
    ]
  },
  "Debian Linux-14": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "14",
        "pkgs": [
          {"reference": "erlang"},
          {"reference": "erlang-asn1"},
          {"reference": "erlang-base"},
          {"reference": "erlang-common-test"},
          {"reference": "erlang-crypto"},
          {"reference": "erlang-debugger"},
          {"reference": "erlang-dev"},
          {"reference": "erlang-dialyzer"},
          {"reference": "erlang-diameter"},
          {"reference": "erlang-doc"},
          {"reference": "erlang-edoc"},
          {"reference": "erlang-eldap"},
          {"reference": "erlang-et"},
          {"reference": "erlang-eunit"},
          {"reference": "erlang-examples"},
          {"reference": "erlang-ftp"},
          {"reference": "erlang-inets"},
          {"reference": "erlang-jinterface"},
          {"reference": "erlang-megaco"},
          {"reference": "erlang-mnesia"},
          {"reference": "erlang-mode"},
          {"reference": "erlang-nox"},
          {"reference": "erlang-observer"},
          {"reference": "erlang-odbc"},
          {"reference": "erlang-os-mon"},
          {"reference": "erlang-parsetools"},
          {"reference": "erlang-public-key"},
          {"reference": "erlang-reltool"},
          {"reference": "erlang-runtime-tools"},
          {"reference": "erlang-snmp"},
          {"reference": "erlang-src"},
          {"reference": "erlang-ssh"},
          {"reference": "erlang-ssl"},
          {"reference": "erlang-syntax-tools"},
          {"reference": "erlang-tftp"},
          {"reference": "erlang-tools"},
          {"reference": "erlang-wx"},
          {"reference": "erlang-x11"},
          {"reference": "erlang-xmerl"}
        ]
      }
    ]
  }
};

var distro_constraints_values = linux_unpatched::get_distro_constraints(distro_constraints_arr:distro_constraints_array);
if (empty_or_null(distro_constraints_values)) audit(AUDIT_HOST_NOT, 'affected');
var report = linux_unpatched::check_unpatched_constraints(distro_constraints_values:distro_constraints_values);

if (!empty_or_null(report))
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : report
  );
  exit(0);
}
else
{
  audit(AUDIT_HOST_NOT, 'affected');
}
11 Jun 2026 00:00Current
5.6Medium risk
Vulners AI Score5.6
CVSS 47.1
EPSS0.00044
SSVC