EEF-CVE-2026-42789 Non-CA certificate accepted as intermediate issuer in public_key path validation

🗓️ 27 May 2026 12:23:06Reported by GoogleType

osv🔗 osv.dev👁 3 Views

Vulnerability lets non-CA certificates be used as intermediates in Erlang OTP public_key path validation, enabling chain forgery.

Reporter	Title	Published	Views	Family All 24
FreeBSD	Erlang/OTP -- public_key accepts non-CA certificate as intermediate issuer	27 May 202600:00	–	freebsd
CBLMariner	CVE-2026-42789 affecting package erlang for versions less than 26.2.5.21-1	10 Jun 202602:46	–	cbl_mariner
CNNVD	Erlang/OTP 安全漏洞	27 May 202600:00	–	cnnvd
CVE	CVE-2026-42789	27 May 202612:23	–	cve
Cvelist	CVE-2026-42789 Non-CA certificate accepted as intermediate issuer in public_key path validation	27 May 202612:23	–	cvelist
Debian CVE	CVE-2026-42789	27 May 202612:23	–	debiancve
Tenable Nessus	Erlang/OTP 17.0 < 26.2.5.21 / 27.0 < 27.3.4.12 / 28.0 < 28.5.0.1 / 29.0 < 29.0.1 Certificate Chain Forgery (CVE-2026-42789)	29 May 202600:00	–	nessus
Tenable Nessus	FreeBSD : Erlang/OTP -- public_key accepts non-CA certificate as intermediate issuer (9357a450-5a54-11f1-b886-4c526214c986)	28 May 202600:00	–	nessus
Tenable Nessus	openSUSE 16 Security Update : erlang (openSUSE-SU-2026:20907-1)	11 Jun 202600:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2026-42789	29 May 202600:00	–	nessus

Source	Link
github	www.github.com/erlang/otp/security/advisories/GHSA-c99q-jmpx-v8qq
cna	www.cna.erlef.org/cves/CVE-2026-42789.html
erlang	www.erlang.org/doc/system/versions.html
github	www.github.com/erlang/otp/commit/471cd2f664300a95353c467873800bbe706005db
github	www.github.com/erlang/otp/commit/59c8d824386b2eb1614ff9340624843ef6aca0fd

27 May 2026 16:00Current

6Medium risk

Vulners AI Score6

CVSS 47

EPSS0.00233