SUSE CVE-2026-48858

Server-Side Request Forgery SSRF vulnerability in Erlang/OTP ftp ftpinternal module allows FTP bounce attacks and SSRF via an unvalidated PASV response IP address. The ftpinternal:handlectrlresult/2 PASV handler mode=passive, ipfamily=inet, ftpextension=false extracts the IP address from the...

Linux Distros Unpatched Vulnerability : CVE-2026-49759

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Stack-based Buffer Overflow vulnerability in Erlang OTP erts inetdrv allows an unauthenticated remote attacker to crash the BEAM VM by sending a crafted SCTP...

FreeBSD : Erlang/OTP -- SFTP READLINK discloses server filesystem paths (d87e41a4-64d4-11f1-ab11-4c526214c986)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the d87e41a4-64d4-11f1-ab11-4c526214c986 advisory. https://github.com/erlang/otp/security/advisories/GHSA-pv7g-pjrq-x2fh reports: The SSH SFTP daemon's...

CVE-2026-49760

Stack-based Buffer Overflow vulnerability in Erlang OTP erlinterface allows Stack-based Buffer Overflow. This vulnerability is associated with program file lib/erlinterface/src/misc/eiprintterm.c and program routine eisprintterm. The C function eisprintterm uses an internal 2000-character stack...

CVE-2026-49759

Stack-based Buffer Overflow vulnerability in Erlang OTP erts inetdrv allows an unauthenticated remote attacker to crash the BEAM VM by sending a crafted SCTP ERROR chunk. The sctpparseerrorchunk function in erts/emulator/drivers/common/inetdrv.c parses SCTP ERROR chunks and writes cause codes int...

CVE-2026-48858 ftp client PASV response IP not validated against control peer, enabling SSRF and FTP bounce attacks

Server-Side Request Forgery SSRF vulnerability in Erlang/OTP ftp ftpinternal module allows FTP bounce attacks and SSRF via an unvalidated PASV response IP address. The ftpinternal:handlectrlresult/2 PASV handler mode=passive, ipfamily=inet, ftpextension=false extracts the IP address from the...

CVE-2026-48858

The CVE-2026-48858 entry describes a Server-Side Request Forgery (SSRF) flaw in Erlang/OTP ftp’s PASV path: the ftp_internal PASV handler accepts the server’s 227 response IP and passes it to gen_tcp:connect without validating it against the control connection peer, unlike EPSV handlers. This ena...

EUVD-2026-36053

Stack-based Buffer Overflow vulnerability in Erlang OTP erts inetdrv allows an unauthenticated remote attacker to crash the BEAM VM by sending a crafted SCTP ERROR chunk. The sctpparseerrorchunk function in erts/emulator/drivers/common/inetdrv.c parses SCTP ERROR chunks and writes cause codes int...

Erlang/OTP -- FTP passive-mode client does not validate server response IP

https://github.com/erlang/otp/security/advisories/GHSA-24cv-hwgr-37fq reports: The FTP client in passive mode did not validate the IP address returned in the server's response, allowing a compromised or malicious server to redirect the data connection to an arbitrary host. This enables server-sid...

CVE-2026-43973

CVE-2026-43973 concerns the Erlang/Elixir library gun_http in the Gun framework. The vulnerability is an uncontrolled resource consumption: three code paths in gun_http:handle/5 accumulate TCP data into a connection buffer using binary concatenation with no upper bound. If a malicious server send...

CVE-2026-42790

Improper Certificate Validation vulnerability in Erlang OTP publickey pubkeycert and publickey modules allows a DNS nameConstraints bypass via subject CommonName fallback in TLS hostname verification. Two flaws combine to allow a subordinate CA whose DNS nameConstraints are restricted e.g...

CVE-2026-42790 nameConstraints DNS bypass via subject CommonName fallback in public_key hostname verification

Improper Certificate Validation vulnerability in Erlang OTP publickey pubkeycert and publickey modules allows a DNS nameConstraints bypass via subject CommonName fallback in TLS hostname verification. Two flaws combine to allow a subordinate CA whose DNS nameConstraints are restricted e.g...

EEF-CVE-2026-42791 OCSP responder certificate validity period not checked in public_key

Summary Improper Certificate Validation vulnerability in Erlang OTP publickey pubkeyocsp module allows forged OCSP responses signed with an expired responder certificate to be accepted as valid. OCSP response verification in pubkeyocsp:verifyresponse/5 and pubkeyocsp:isauthorizedresponder/3 in...

CVE-2026-42791

Improper Certificate Validation vulnerability in Erlang OTP publickey pubkeyocsp module allows forged OCSP responses signed with an expired responder certificate to be accepted as valid. OCSP response verification in pubkeyocsp:verifyresponse/5 and pubkeyocsp:isauthorizedresponder/3 in...

CVE-2026-42789 Non-CA certificate accepted as intermediate issuer in public_key path validation

Improper Following of a Certificate's Chain of Trust vulnerability in Erlang OTP publickey pubkeycert module allows a non-CA certificate to be accepted as an intermediate issuer, enabling certificate chain forgery. In lib/publickey/src/pubkeycert.erl, pubkeycert:validateextensions/7 contains two...

PT-2026-44041

Name of the Vulnerable Software and Affected Versions Erlang OTP versions 19.3 through 26.2.5.20 Erlang OTP versions 26.2.5.21 through 27.3.4.11 Erlang OTP versions 27.3.4.12 through 28.5.0.0 Erlang OTP versions 28.5.0.1 through 29.0.0 public key versions 1.4 through 1.15.1.6 public key versions...

CVE-2026-8469

Allocation of Resources Without Limits or Throttling vulnerability in phenixdigital phoenixstorybook allows unauthenticated denial-of-service via BEAM atom table exhaustion. Multiple LiveView event handlers convert user-supplied event parameter strings to atoms using String.toatom/1 without...

CVE-2026-28808

Incorrect Authorization vulnerability in Erlang OTP inets modules allows unauthenticated access to CGI scripts protected by directory rules when served via scriptalias. When scriptalias maps a URL prefix to a directory outside DocumentRoot, modauth evaluates directory-based access controls agains...

EUVD-2026-19602

Incorrect Authorization vulnerability in Erlang OTP inets modules allows unauthenticated access to CGI scripts protected by directory rules when served via scriptalias. When scriptalias maps a URL prefix to a directory outside DocumentRoot, modauth evaluates directory-based access controls agains...

CVE-2026-32144

Improper Certificate Validation vulnerability in Erlang OTP publickey pubkeyocsp module allows OCSP designated-responder authorization bypass via missing signature verification. The OCSP response validation in publickey:pkixocspvalidate/5 does not verify that a CA-designated responder certificate...