erlang_quic CVE-2026-49457
CRITICALSeverity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
AV:N and PR:N/UI:N since any client TLS connection is exposed, but AC:H because a genuine man-in-the-middle position is required; C:H/I:H for full traffic exposure and tampering, A:N as availability is unaffected.
Primary rating from GitHub Advisory.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
1DescriptionGitHub Advisory
Impact
The QUIC client did not authenticate the server during the TLS 1.3 handshake. The CertificateVerify signature was not checked, the certificate chain was not validated, and the hostname was not compared against the certificate, so verify was effectively a no-op on the client. A man-in-the-middle on the network path could present any certificate and impersonate any server, defeating the confidentiality and integrity of the connection. HTTP/3 uses the same client and was equally affected. Handshakes authenticated by a PSK (session resumption) are not affected, because the peer is authenticated by the PSK binder and no certificate is sent.
Patches
Fixed in 1.4.4. The client now verifies the CertificateVerify signature, validates the certificate chain against the trust store (cacerts option, the operating system store by default), and checks the hostname. Client verify now defaults to on; set verify => false to accept any certificate (for example a self-signed test server).
Workarounds
None before 1.4.4. verify => true had no effect, and inspecting the certificate after connecting does not help because without the signature check the peer is never proven to own the certificate it presents.
Credit
Reported by benmmurphy.
AnalysisAI
Server impersonation in erlang_quic (Benoît Chesneau's Erlang QUIC/HTTP/3 library) before 1.4.4 arises because the QUIC client performed no server authentication during the TLS 1.3 handshake - the CertificateVerify signature, certificate chain, and hostname were all left unchecked, making the verify option a no-op. An on-path attacker can present any certificate to impersonate any server and transparently read or modify traffic, breaking both confidentiality and integrity (CVSS 9.1). …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires an active man-in-the-middle / on-path position between the erlang_quic client and its server so the attacker can intercept the QUIC/HTTP/3 connection and present a substitute certificate; this is the concrete precondition and also the main limiting factor. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Signals are largely consistent toward high severity but tempered by product footprint and a realistic precondition. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who controls a network segment between a vulnerable erlang_quic client and its intended server (for example on shared Wi-Fi, a compromised router, or via ARP/DNS spoofing) redirects the QUIC/HTTP/3 connection to a machine they control and presents an arbitrary self-generated certificate. Because the client never checks the CertificateVerify signature, chain, or hostname, the handshake completes as if the server were authentic, letting the attacker decrypt, read, and alter all application traffic. … |
| Remediation | Vendor-released patch: upgrade to erlang_quic 1.4.4, which makes the client verify the CertificateVerify signature, validate the certificate chain against the trust store (the `cacerts` option, defaulting to the OS store), and check the hostname, with client `verify` now defaulting to on. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: identify all applications and services using erlang_quic and document their current versions; flag any versions below 1.4.4 as critical risk. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-295 – Improper Certificate Validation
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
GHSA-2r8v-p65x-3663