Erlang OTP
21 CVEs affecting Erlang OTP. Latest disclosed: 2026-05-27. Critical: 2, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-32433 | Critical | 10.0 | 2025-04-16 | Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an… |
| CVE-2026-23941 | Critical | 9.4 | 2026-03-13 | Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Erlang OTP (inets httpd module) allows HTTP Request Smuggling. This v… |
| CVE-2026-42790 | High | 8.1 | 2026-05-27 | Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_cert and public_key modules) allows a DNS nameConstraints bypass via subject Com… |
| CVE-2025-30211 | High | 7.5 | 2025-03-28 | Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.1, 26.2.5.10, and 25.3.2.19, a maliciously formed KEX init mes… |
| CVE-2024-53846 | Medium | 5.5 | 2024-12-05 | OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in Erlang, and a set of desig… |
| CVE-2026-23942 | Medium | 5.4 | 2026-03-13 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (ssh_sftpd module) allows Path Traversal. This vuln… |
| CVE-2026-23943 | Medium | 5.3 | 2026-03-13 | Improper Handling of Highly Compressed Data (Compression Bomb) vulnerability in Erlang OTP ssh (ssh_transport modules) allows Denial of Service via Resource De… |
| CVE-2026-42789 | Medium | 4.8 | 2026-05-27 | Improper Following of a Certificate's Chain of Trust vulnerability in Erlang OTP public_key (pubkey_cert module) allows a non-CA certificate to be accepted as… |
| CVE-2026-32147 | Medium | 4.3 | 2026-04-21 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP ssh (ssh_sftpd module) allows an authenticated SFTP… |
| CVE-2026-42791 | Low | 3.7 | 2026-05-27 | Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_ocsp module) allows forged OCSP responses signed with an expired responder certi… |
| CVE-2025-46712 | Low | 3.7 | 2025-05-08 | Erlang/OTP is a set of libraries for the Erlang programming language. In versions prior to OTP-27.3.4 (for OTP-27), OTP-26.2.5.12 (for OTP-26), and OTP-25.3.2… |
| CVE-2026-28808 | | | 2026-04-07 | Incorrect Authorization vulnerability in Erlang OTP (inets modules) allows unauthenticated access to CGI scripts protected by directory rules when served via s… |
| CVE-2026-32144 | | | 2026-04-07 | Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_ocsp module) allows OCSP designated-responder authorization bypass via missing s… |
| CVE-2026-28810 | | | 2026-04-07 | Generation of Predictable Numbers or Identifiers vulnerability in Erlang/OTP kernel (inet_res, inet_db modules) allows DNS Cache Poisoning. The built-in DNS r… |
| CVE-2026-21620 | | | 2026-02-20 | Relative Path Traversal, Improper Isolation or Compartmentalization vulnerability in erlang otp erlang/otp (tftp_file modules), erlang otp inets (tftp_file mod… |
| CVE-2025-48041 | | | 2025-09-11 | Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Flooding. This vulnerabili… |
| CVE-2025-48040 | | | 2025-09-11 | Uncontrolled Resource Consumption vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Flooding. This vulnerability is associated wi… |
| CVE-2025-48039 | | | 2025-09-11 | Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Resource Leak Exposure. Th… |
| CVE-2025-48038 | | | 2025-09-11 | Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Resource Leak Exposure. Th… |
| CVE-2025-4748 | | | 2025-06-16 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (stdlib modules) allows Absolute Path Traversal, Fil… |