Vulnerability in Erlang Erlang\/otp
CVE-2026-42789
Improper Following of a Certificate's Chain of Trust vulnerability in Erlang OTP public_key (pubkey_cert module) allows a non-CA certificate to be accepted as an intermediate issuer, enabling certificate chain forgery. In lib/public_key/s…
Vulnerability class: Improper Certificate Validation
EPSS: 0.000 (11.3th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 4.8 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N.
Affected products
- Erlang Erlang\/otp
- Erlang Otp — versions 0.22, 17.0, 84adefa331c4159d432d22840663c38f155cd4c1
Weakness classification (CWE)
References
- 6b3ad84c-e1a6-4bf7-a703-f496b71e49db (related, vendor-advisory, Vendor Advisory)
- 6b3ad84c-e1a6-4bf7-a703-f496b71e49db (related, Third Party Advisory)
- 6b3ad84c-e1a6-4bf7-a703-f496b71e49db (related, Third Party Advisory)
- 6b3ad84c-e1a6-4bf7-a703-f496b71e49db (Product, x_version-scheme)
- 6b3ad84c-e1a6-4bf7-a703-f496b71e49db (Patch, patch)
- 6b3ad84c-e1a6-4bf7-a703-f496b71e49db (Patch, patch)
Frequently asked questions
- What is CVE-2026-42789?
- CVE-2026-42789 is a medium-severity vulnerability in Erlang Erlang\/otp, classified under Improper Certificate Validation. CVSS score: 4.8/10. Published 2026-05-27.
- How severe is CVE-2026-42789?
- Medium severity. CVSS v3 base score is 4.8 out of 10.