CVE-2026-54891
- EPSS 0.14%
- Veröffentlicht 02.07.2026 16:06:30
- Zuletzt bearbeitet 07.07.2026 14:46:21
Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in Erlang/OTP ssl (tls_gen_connection module) allows a network-positioned attacker to inject unauthenticated plaintext that the TLS client applicat...
CVE-2026-55950
- EPSS 0.38%
- Veröffentlicht 02.07.2026 16:06:24
- Zuletzt bearbeitet 07.07.2026 14:45:59
Time-of-check Time-of-use (TOCTOU) race condition vulnerability in Erlang/OTP ssl (dtls_packet_demux module) allows an unauthenticated remote attacker to crash all active DTLS sessions on a listener. A DTLS server listener uses a single shared dtls_...
CVE-2026-54886
- EPSS 0.33%
- Veröffentlicht 02.07.2026 16:06:20
- Zuletzt bearbeitet 07.07.2026 14:53:35
Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Erlang OTP ssh (ssh_sftpd module) allows an authenticated SFTP user to render an SFTP channel permanently unresponsive. The handle_data/4 function in ssh_sftpd contains a catch-...
CVE-2026-55952
- EPSS 0.49%
- Veröffentlicht 02.07.2026 16:06:08
- Zuletzt bearbeitet 07.07.2026 14:44:47
The Erlang/OTP ssl application does not validate that the PSK identity list and binder list carried in a TLS 1.3 ClientHello pre-shared key extension have equal length before passing them to the session ticket handler. In tls_handshake_1_3:handle_pre...
CVE-2026-54887
- EPSS 0.24%
- Veröffentlicht 02.07.2026 16:06:04
- Zuletzt bearbeitet 07.07.2026 14:52:32
Use of Default Cryptographic Key vulnerability in Erlang/OTP ssl (DTLS server) allows predictable DTLS cookie computation during the startup window, enabling source address verification bypass. On DTLS server startup, dtls_server_connection:initial_...
CVE-2026-53422
- EPSS 0.26%
- Veröffentlicht 02.07.2026 16:06:03
- Zuletzt bearbeitet 07.07.2026 14:56:32
Observable Response Discrepancy vulnerability in Erlang OTP ssh (ssh_sftpd module) allows an authenticated SFTP user to enumerate the existence of files and directories outside the configured root directory. The SSH_FXP_REALPATH handler in ssh_sftpd...
CVE-2026-48856
- EPSS 0.34%
- Veröffentlicht 10.06.2026 14:41:51
- Zuletzt bearbeitet 15.06.2026 18:23:43
Sensitive Data Exposure vulnerability in Erlang OTP inets (httpc_response module) allows Retrieve Embedded Sensitive Data. The httpc client forwards the Authorization and Proxy-Authorization request headers to redirect targets without checking wheth...
CVE-2026-48855
- EPSS 0.28%
- Veröffentlicht 10.06.2026 14:35:49
- Zuletzt bearbeitet 15.06.2026 18:23:33
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Erlang OTP ssh (ssh_sftpd module) allows File Discovery. The SSH_FXP_READLINK handler in ssh_sftpd sends the raw result of file:read_link/2 to the client without calling chr...
CVE-2026-48860
- EPSS 0.19%
- Veröffentlicht 10.06.2026 14:35:49
- Zuletzt bearbeitet 15.06.2026 18:24:03
Reliance on IP Address for Authentication vulnerability in Erlang/OTP ssl (inet_tls_dist module) allows unauthenticated bypass of the distribution-over-TLS LAN allowlist. The inet_tls_dist:check_ip/1 function, which enforces a LAN allowlist for Erla...
CVE-2026-48858
- EPSS 0.23%
- Veröffentlicht 10.06.2026 14:35:45
- Zuletzt bearbeitet 11.06.2026 19:27:00
Server-Side Request Forgery (SSRF) vulnerability in Erlang/OTP ftp (ftp_internal module) allows FTP bounce attacks and SSRF via an unvalidated PASV response IP address. The ftp_internal:handle_ctrl_result/2 PASV handler (mode=passive, ipfamily=inet,...