erlang

Top products

The 15 most recently published vulnerabilities affecting erlang.

• CVE-2026-48856httpc leaks Authorization header to cross-origin redirect targets6.5Jun 10, 2026
• CVE-2026-48860Distribution-over-TLS LAN allowlist silently bypassed due to sockname/peername confusion in inet_tls_dist6.5Jun 10, 2026
• CVE-2026-48855SFTP READLINK Leaks Absolute Backend Filesystem Path When Root Is Configured6.5Jun 10, 2026
• CVE-2026-48858ftp client PASV response IP not validated against control peer, enabling SSRF and FTP bounce attacks6.5Jun 10, 2026
• CVE-2026-48859SSH server timing side-channel in ssh_auth:check_password/3 allows unauthenticated username enumeration5.3Jun 10, 2026
• CVE-2026-49759Stack buffer overflow in SCTP error cause parsing in inet_drv allows remote VM crash8.2Jun 10, 2026
• CVE-2026-49760Stack Buffer Overflow in ei_s_print_term at Very Large Integer5.5Jun 10, 2026
• CVE-2026-42790nameConstraints DNS bypass via subject CommonName fallback in public_key hostname verification8.1May 27, 2026
• CVE-2026-42791OCSP responder certificate validity period not checked in public_key3.7May 27, 2026
• CVE-2026-42789Non-CA certificate accepted as intermediate issuer in public_key path validation4.8May 27, 2026
• CVE-2026-32147SFTP chroot bypass via path traversal in SSH_FXP_FSETSTAT4.3Apr 21, 2026
• CVE-2026-28808ScriptAlias CGI targets bypass directory auth in inets httpd (mod_auth vs mod_cgi path mismatch)9.8Apr 7, 2026
• CVE-2026-32144OCSP designated-responder authorization bypass via missing signature verification7.4Apr 7, 2026
• CVE-2026-28810Predictable DNS Transaction IDs Enable Cache Poisoning in Built-in Resolver3.7Apr 7, 2026
• CVE-2026-23941Request smuggling via first-wins Content-Length parsing in inets httpd9.4Mar 13, 2026