Vulnerability in Erlang Otp

CVE-2026-55952

The Erlang/OTP ssl application does not validate that the PSK identity list and binder list carried in a TLS 1.3 ClientHello pre-shared key extension have equal length before passing them to the session ticket handler. In tls_handshake_1_3…

Affected products

  • Erlang Otp — versions 9.5, 22.2, 339a279f02ce38a7b23010e56000613e19abb21f

Weakness classification (CWE)

References