Search CVE reports



1 – 10 of 50 results


CVE-2026-55952

Medium priority
Needs evaluation

The Erlang/OTP ssl application does not validate that the PSK identity list and binder list carried in a TLS 1.3 ClientHello pre-shared key extension have equal length before passing them to the session ticket handler....

1 affected package

erlang

| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| erlang | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2026-55950

Medium priority
Needs evaluation

Time-of-check Time-of-use (TOCTOU) race condition vulnerability in Erlang/OTP ssl (dtls_packet_demux module) allows an unauthenticated remote attacker to crash all active DTLS sessions on a listener. A DTLS server listener uses a...

1 affected package

erlang

| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| erlang | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2026-54891

Medium priority
Needs evaluation

Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in Erlang/OTP ssl (tls_gen_connection module) allows a network-positioned attacker to inject unauthenticated plaintext that the...

1 affected package

erlang

| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| erlang | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2026-54887

Medium priority
Needs evaluation

Use of Default Cryptographic Key vulnerability in Erlang/OTP ssl (DTLS server) allows predictable DTLS cookie computation during the startup window, enabling source address verification bypass. On DTLS server startup,...

1 affected package

erlang

| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| erlang | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2026-54886

Medium priority
Needs evaluation

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Erlang OTP ssh (ssh_sftpd module) allows an authenticated SFTP user to render an SFTP channel permanently unresponsive. The handle_data/4 function in...

1 affected package

erlang

| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| erlang | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2026-53422

Medium priority
Needs evaluation

Observable Response Discrepancy vulnerability in Erlang OTP ssh (ssh_sftpd module) allows an authenticated SFTP user to enumerate the existence of files and directories outside the configured root directory. The SSH_FXP_REALPATH...

1 affected package

erlang

| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| erlang | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2026-49760

Medium priority
Needs evaluation

Stack-based Buffer Overflow vulnerability in Erlang OTP (erl_interface) allows Stack-based Buffer Overflow. This vulnerability is associated with program file lib/erl_interface/src/misc/ei_printterm.c and program...

1 affected package

erlang

| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| erlang | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2026-49759

Medium priority
Needs evaluation

Stack-based Buffer Overflow vulnerability in Erlang OTP erts (inet_drv) allows an unauthenticated remote attacker to crash the BEAM VM by sending a crafted SCTP ERROR chunk. The sctp_parse_error_chunk function...

1 affected package

erlang

| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| erlang | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2026-48860

Medium priority
Needs evaluation

Reliance on IP Address for Authentication vulnerability in Erlang/OTP ssl (inet_tls_dist module) allows unauthenticated bypass of the distribution-over-TLS LAN allowlist. The inet_tls_dist:check_ip/1 function, which enforces a LAN...

1 affected package

erlang

| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| erlang | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2026-48859

Medium priority
Needs evaluation

Observable Timing Discrepancy vulnerability in Erlang/OTP ssh (ssh_auth, ssh_options modules) allows unauthenticated remote username enumeration via timing side-channel in password authentication. When the SSH daemon is configured...

1 affected package

erlang

| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| erlang | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |