Otp

This hub aggregates every CVE we track for Otp, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Otp.

• CVE-2026-48856httpc leaks Authorization header to cross-origin redirect targets6.5Jun 10, 2026
• CVE-2026-48855SFTP READLINK Leaks Absolute Backend Filesystem Path When Root Is Configured6.5Jun 10, 2026
• CVE-2026-48860Distribution-over-TLS LAN allowlist silently bypassed due to sockname/peername confusion in inet_tls_dist6.5Jun 10, 2026
• CVE-2026-48858ftp client PASV response IP not validated against control peer, enabling SSRF and FTP bounce attacks6.5Jun 10, 2026
• CVE-2026-48859SSH server timing side-channel in ssh_auth:check_password/3 allows unauthenticated username enumeration5.3Jun 10, 2026
• CVE-2026-49759Stack buffer overflow in SCTP error cause parsing in inet_drv allows remote VM crash8.2Jun 10, 2026
• CVE-2026-49760Stack Buffer Overflow in ei_s_print_term at Very Large Integer5.5Jun 10, 2026
• CVE-2026-42790nameConstraints DNS bypass via subject CommonName fallback in public_key hostname verification8.1May 27, 2026
• CVE-2026-42791OCSP responder certificate validity period not checked in public_key3.7May 27, 2026
• CVE-2026-42789Non-CA certificate accepted as intermediate issuer in public_key path validation4.8May 27, 2026
• CVE-2026-32147SFTP chroot bypass via path traversal in SSH_FXP_FSETSTAT4.3Apr 21, 2026
• CVE-2026-28808ScriptAlias CGI targets bypass directory auth in inets httpd (mod_auth vs mod_cgi path mismatch)9.8Apr 7, 2026
• CVE-2026-32144OCSP designated-responder authorization bypass via missing signature verification7.4Apr 7, 2026
• CVE-2026-28810Predictable DNS Transaction IDs Enable Cache Poisoning in Built-in Resolver3.7Apr 7, 2026
• CVE-2026-23941Request smuggling via first-wins Content-Length parsing in inets httpd9.4Mar 13, 2026