Vulnerability in Erlang Erlang\/inets
CVE-2026-23941
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Erlang OTP (inets httpd module) allows HTTP Request Smuggling. This vulnerability is associated with program files lib/inets/src/http_server/httpd_re…
Vulnerability class: HTTP Request Smuggling
EPSS: 0.000 (9.9th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 9.4 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L.
Affected products
- Erlang Erlang\/inets
- Erlang Erlang\/otp
- Erlang Otp — versions 5.10, 17.0, 0
Weakness classification (CWE)
References
- 6b3ad84c-e1a6-4bf7-a703-f496b71e49db (related, vendor-advisory, Vendor Advisory)
- 6b3ad84c-e1a6-4bf7-a703-f496b71e49db (related, Vendor Advisory)
- 6b3ad84c-e1a6-4bf7-a703-f496b71e49db (related, Third Party Advisory)
- 6b3ad84c-e1a6-4bf7-a703-f496b71e49db (Product, x_version-scheme)
- 6b3ad84c-e1a6-4bf7-a703-f496b71e49db (Patch, patch)
- 6b3ad84c-e1a6-4bf7-a703-f496b71e49db (Patch, patch)
- 6b3ad84c-e1a6-4bf7-a703-f496b71e49db (Patch, patch)
Frequently asked questions
- What is CVE-2026-23941?
- CVE-2026-23941 is a critical-severity vulnerability in Erlang Erlang\/inets, classified under Inconsistent Interpretation of HTTP Requests (HTTP Request/Response Smuggling). CVSS score: 9.4/10. Published 2026-03-13.
- How severe is CVE-2026-23941?
- Critical severity. CVSS v3 base score is 9.4 out of 10.