CVE-2026-48858

CVE-2026-48858

Server-Side Request Forgery (SSRF) vulnerability in Erlang/OTP ftp (ftp_internal module) allows FTP bounce attacks and SSRF via an unvalidated PASV response IP address. The ftp_internal:handle_ctrl_result/2 PASV handler (mode=passive, ipf…

Vulnerability class: SSRF (Server-Side Request Forgery)

Weakness classification (CWE)

References