Skip to main content

erlang_quic CVE-2026-49457

CRITICAL
Improper Certificate Validation (CWE-295)
2026-07-01 https://github.com/benoitc/erlang_quic GHSA-2r8v-p65x-3663
9.1
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
9.1 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
vuln.today AI
7.4 HIGH

AV:N and PR:N/UI:N since any client TLS connection is exposed, but AC:H because a genuine man-in-the-middle position is required; C:H/I:H for full traffic exposure and tampering, A:N as availability is unaffected.

3.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
4.0 AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

1
Analysis Generated
Jul 01, 2026 - 21:15 vuln.today

DescriptionGitHub Advisory

Impact

The QUIC client did not authenticate the server during the TLS 1.3 handshake. The CertificateVerify signature was not checked, the certificate chain was not validated, and the hostname was not compared against the certificate, so verify was effectively a no-op on the client. A man-in-the-middle on the network path could present any certificate and impersonate any server, defeating the confidentiality and integrity of the connection. HTTP/3 uses the same client and was equally affected. Handshakes authenticated by a PSK (session resumption) are not affected, because the peer is authenticated by the PSK binder and no certificate is sent.

Patches

Fixed in 1.4.4. The client now verifies the CertificateVerify signature, validates the certificate chain against the trust store (cacerts option, the operating system store by default), and checks the hostname. Client verify now defaults to on; set verify => false to accept any certificate (for example a self-signed test server).

Workarounds

None before 1.4.4. verify => true had no effect, and inspecting the certificate after connecting does not help because without the signature check the peer is never proven to own the certificate it presents.

Credit

Reported by benmmurphy.

AnalysisAI

Server impersonation in erlang_quic (Benoît Chesneau's Erlang QUIC/HTTP/3 library) before 1.4.4 arises because the QUIC client performed no server authentication during the TLS 1.3 handshake - the CertificateVerify signature, certificate chain, and hostname were all left unchecked, making the verify option a no-op. An on-path attacker can present any certificate to impersonate any server and transparently read or modify traffic, breaking both confidentiality and integrity (CVSS 9.1). …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain on-path MITM position
Delivery
Intercept client QUIC/HTTP/3 handshake
Exploit
Present arbitrary attacker certificate
Execution
Client skips CertificateVerify/chain/hostname checks
Persist
Handshake completes as trusted
Impact
Decrypt and tamper with session traffic

Vulnerability AssessmentAI

Exploitation Exploitation requires an active man-in-the-middle / on-path position between the erlang_quic client and its server so the attacker can intercept the QUIC/HTTP/3 connection and present a substitute certificate; this is the concrete precondition and also the main limiting factor. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Signals are largely consistent toward high severity but tempered by product footprint and a realistic precondition. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who controls a network segment between a vulnerable erlang_quic client and its intended server (for example on shared Wi-Fi, a compromised router, or via ARP/DNS spoofing) redirects the QUIC/HTTP/3 connection to a machine they control and presents an arbitrary self-generated certificate. Because the client never checks the CertificateVerify signature, chain, or hostname, the handshake completes as if the server were authentic, letting the attacker decrypt, read, and alter all application traffic. …
Remediation Vendor-released patch: upgrade to erlang_quic 1.4.4, which makes the client verify the CertificateVerify signature, validate the certificate chain against the trust store (the `cacerts` option, defaulting to the OS store), and check the hostname, with client `verify` now defaulting to on. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: identify all applications and services using erlang_quic and document their current versions; flag any versions below 1.4.4 as critical risk. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-49457 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy