E

Erlang Security Vulnerabilities (CVE)

Explore vulnerabilities and security advisories affecting Erlang products.

3 known CVE vulnerabilities tracked

Critical
0
High
1
Medium
1
Low
1
None
0

Vulnerabilities By Year

3
2026

Products Affected

Erlang\/Otp 3

All Erlang CVEs

Recent Highest Score Oldest
CVE-2026-42790
8.1 high

Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_cert and public_key modules) allows a DNS nameConstraints bypass via subject CommonName fallback in TLS hostname verification. Two flaws combine to allow a subordinate CA whose DNS nameConstraints are restricted (e.g. pe

Erlang\/Otp May 27, 2026
CVE-2026-42791
3.7 low

Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_ocsp module) allows forged OCSP responses signed with an expired responder certificate to be accepted as valid. OCSP response verification in pubkey_ocsp:verify_response/5 and pubkey_ocsp:is_authorized_responder/3 in lib

Erlang\/Otp May 27, 2026
CVE-2026-42789
4.8 medium

Improper Following of a Certificate's Chain of Trust vulnerability in Erlang OTP public_key (pubkey_cert module) allows a non-CA certificate to be accepted as an intermediate issuer, enabling certificate chain forgery. In lib/public_key/src/pubkey_cert.erl, pubkey_cert:validate_extensions/7 contain

Erlang\/Otp May 27, 2026