Skip to main content

Erlang/OTP EUVDEUVD-2026-32558

| CVE-2026-42790 HIGH
Improper Certificate Validation (CWE-295)
2026-05-27 6b3ad84c-e1a6-4bf7-a703-f496b71e49db
7.6
CVSS 4.0 · Vendor: 6b3ad84c-e1a6-4bf7-a703-f496b71e49db
Share

Severity by source

Vendor (6b3ad84c-e1a6-4bf7-a703-f496b71e49db) PRIMARY
7.6 HIGH
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
SUSE
7.4 HIGH
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Red Hat
7.4 HIGH
qualitative

Primary rating from Vendor (6b3ad84c-e1a6-4bf7-a703-f496b71e49db).

CVSS VectorVendor: 6b3ad84c-e1a6-4bf7-a703-f496b71e49db

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
P
Scope
X

Lifecycle Timeline

2
Source Code Evidence Fetched
May 27, 2026 - 20:07 vuln.today
Analysis Generated
May 27, 2026 - 20:07 vuln.today

DescriptionCVE.org

Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_cert and public_key modules) allows a DNS nameConstraints bypass via subject CommonName fallback in TLS hostname verification.

Two flaws combine to allow a subordinate CA whose DNS nameConstraints are restricted (e.g. permitted;DNS:allowed.example.com) to issue a leaf certificate that an OTP TLS client accepts as a valid identity for an out-of-scope hostname (e.g. victim.example.com):

First, pubkey_cert:validate_names/6 in lib/public_key/src/pubkey_cert.erl only checks SAN DNS entries against nameConstraints. Per RFC 5280, a permitted DNS subtree only restricts certificates that contain a DNS-typed name. A leaf with no subjectAltName therefore trivially satisfies any permitted;DNS:... constraint regardless of its subject commonName.

Second, public_key:pkix_verify_hostname/3 in lib/public_key/src/public_key.erl falls back to the subject commonName when no subjectAltName is present, extracting id-at-commonName attributes as presented IDs and matching them against the reference hostname. The strict pkix_verify_hostname_match_fun(https) matcher does not suppress this fallback.

The result is that path validation accepts a CN-only leaf under a DNS-constrained intermediate (no SAN means the nameConstraints are not triggered), and hostname verification then accepts it via the CN fallback. The bypass is reachable from stock ssl:connect with verify_peer, a trusted CA, SNI, and the canonical strict https hostname matcher.

This issue affects OTP from OTP 19.3 before OTP 26.2.5.21, 27.3.4.12, 28.5.0.1, and 29.0.1 corresponding to public_key from 1.4 before 1.15.1.7, 1.17.1.3, 1.20.3.1, and 1.21.1.

AnalysisAI

TLS server impersonation in Erlang/OTP's public_key library lets a name-constrained subordinate CA forge a trusted identity for hostnames outside its permitted DNS subtree. By chaining a nameConstraints enforcement gap with a legacy CommonName fallback in pkix_verify_hostname/3, an attacker holding a DNS-restricted intermediate (e.g. permitted;DNS:allowed.example.com) can issue a SAN-less leaf whose CN is an out-of-scope host (e.g. victim.example.com) and have a stock ssl:connect client with verify_peer accept it. It affects OTP 19.3 through the fixed releases (public_key 1.4 onward) and is rated CVSS 4.0 7.6; there is no public exploit identified at time of analysis and it is not on CISA KEV.

Technical ContextAI

The vulnerability lives in Erlang/OTP's public_key application, the X.509 path-validation and hostname-verification engine used by OTP's ssl/TLS stack (CWE-295, Improper Certificate Validation). Two independent weaknesses combine. First, pubkey_cert:validate_names/6 in lib/public_key/src/pubkey_cert.erl enforces DNS nameConstraints only against subjectAltName DNS entries; per RFC 5280 a permitted DNS subtree constrains only certificates that actually contain a DNS-typed name, so a leaf with no SAN trivially passes any permitted;DNS:... restriction regardless of its subject. Second, public_key:pkix_verify_hostname/3 in lib/public_key/src/public_key.erl implements an RFC 6125 CN fallback: when no SAN is present it extracts id-at-commonName attributes from the subject rdnSequence as presented identifiers, and even the strict https matcher (pkix_verify_hostname_match_fun(https)) does not suppress this. The upstream fix (commit 0769050c) removes the CN fallback branch and the verify_hostname_match_default0 CN-matching clauses entirely, so SAN-less certificates can no longer match a reference hostname.

RemediationAI

Vendor-released patch: upgrade to OTP 26.2.5.21, 27.3.4.12, 28.5.0.1, or 29.0.1 (whichever matches your major line), equivalently public_key 1.15.1.7, 1.17.1.3, 1.20.3.1, or 1.21.1; the fixes are commits 0769050c69d73762672b0db1347b6993a5b31759, 21abed64eb2026b5f82f432709e4e932f9be389a, and fb67c6d1836f51105a96d8b769e71e4215a79457, documented in GHSA-22cw-4ph4-6447 and https://cna.erlef.org/cves/CVE-2026-42790.html. If you cannot upgrade immediately, the practical compensating control is to stop relying on the built-in hostname check's CN behavior: supply a custom {match_fun, ...} (and/or verify_fun) to ssl:connect that rejects any presented identity derived from the subject CommonName and requires a SAN dNSName match, accepting that this can break connections to legacy peers that still present CN-only certificates. Additionally, audit and tighten your trust store - remove or avoid trusting DNS-name-constrained subordinate CAs that should not be able to vouch for arbitrary hosts, since the attack is only reachable when such a constrained intermediate is trusted; the trade-off is operational overhead in PKI inventory and possible loss of delegated issuance. Pin expected leaf certificates/keys for high-value endpoints where feasible.

CVE-2025-32433 CRITICAL POC
10.0 Apr 16

Erlang/OTP SSH server allows unauthenticated remote code execution by exploiting a flaw in SSH protocol message handling

CVE-2017-1000385 MEDIUM POC
5.9 Dec 12

The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 1.5 padding. Rat

CVE-2023-48795 MEDIUM POC
5.9 Dec 18

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remot

CVE-2014-1693 HIGH POC
7.5 Dec 08

Multiple CRLF injection vulnerabilities in the FTP module in Erlang/OTP R15B03 allow context-dependent attackers to inje

CVE-2021-29221 HIGH POC
7.0 Apr 09

A local privilege escalation vulnerability was discovered in Erlang/OTP prior to version 23.2.3. Rated high severity (CV

CVE-2016-10253 CRITICAL
9.8 Mar 18

An issue was discovered in Erlang/OTP 18.x. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitab

CVE-2022-37026 CRITICAL
9.8 Sep 21

In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Authentication Bypass in

CVE-2020-25623 HIGH
7.5 Oct 02

Erlang/OTP 22.3.x before 22.3.4.6 and 23.x before 23.1 allows Directory Traversal. Rated high severity (CVSS 7.5), this

CVE-2026-42789 HIGH
7.0 May 27

Certificate chain forgery in Erlang/OTP's public_key application (pubkey_cert module) lets a non-CA end-entity certifica

CVE-2026-42791 MEDIUM
6.3 May 27

OCSP responder certificate validity bypass in Erlang OTP's public_key library allows forged OCSP responses-signed with t

CVE-2015-2774 MEDIUM
5.9 Apr 07

Erlang/OTP before 18.0-rc1 does not properly check CBC padding bytes when terminating connections, which makes it easier

Vendor StatusVendor

SUSE

Severity: High
Product Status
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed
SUSE Linux Enterprise Module for Server Applications 15 SP7 Fixed
SUSE Linux Enterprise Module for Server Applications 15 SP7 Fixed
SUSE Linux Enterprise Server 15 SP7 Fixed

Share

EUVD-2026-32558 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy