OCSP designated-responder authorization bypass via missing signature verification

MITRE NVD CVE.ORG JSON API Print: PDF PDF

Summary

CVECVE-2026-32144
StatePUBLISHED
AssignerEEF
Source PriorityCVE Program / NVD first with legacy fallback
Published2026-04-07 13:16:46 UTC
Updated2026-04-07 13:20:11 UTC
DescriptionImproper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_ocsp module) allows OCSP designated-responder authorization bypass via missing signature verification. The OCSP response validation in public_key:pkix_ocsp_validate/5 does not verify that a CA-designated responder certificate was cryptographically signed by the issuing CA. Instead, it only checks that the responder certificate's issuer name matches the CA's subject name and that the certificate has the OCSPSigning extended key usage. An attacker who can intercept or control OCSP responses can create a self-signed certificate with a matching issuer name and the OCSPSigning EKU, and use it to forge OCSP responses that mark revoked certificates as valid. This affects SSL/TLS clients using OCSP stapling, which may accept connections to servers with revoked certificates, potentially transmitting sensitive data to compromised servers. Applications using the public_key:pkix_ocsp_validate/5 API directly are also affected, with impact depending on usage context. This vulnerability is associated with program files lib/public_key/src/pubkey_ocsp.erl and program routines pubkey_ocsp:is_authorized_responder/3. This issue affects OTP from OTP 27.0 until OTP 28.4.2 and 27.3.4.10 corresponding to public_key from 1.16 until 1.20.3 and 1.17.1.2, and ssl from 11.2 until 11.5.4 and 11.2.12.7.

Risk And Classification

Primary CVSS: v4.0 7.6 HIGH from 6b3ad84c-e1a6-4bf7-a703-f496b71e49db

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Problem Types: CWE-295 | CWE-295 CWE-295 Improper Certificate Validation

VersionSourceTypeScoreSeverityVector
4.06b3ad84c-e1a6-4bf7-a703-f496b71e49dbSecondary7.6HIGHCVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N/E:X/C...
4.0CNACVSS7.6HIGHCVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N

CVSS v4.0 Breakdown

Attack Vector
Network
Attack Complexity
Low
Attack Requirements
Present
Privileges Required
None
User Interaction
Passive
Confidentiality
High
Integrity
High
Availability
None
Sub Conf.
Low
Sub Integrity
Low
Sub Availability
None

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Vendor Declared Affected Products

SourceVendorProductVersionPlatforms
CNA Erlang OTP affected 1.16 * otp Not specified
CNA Erlang OTP affected 11.2 * otp Not specified
CNA Erlang OTP affected 27.0 * otp Not specified
CNA Erlang OTP affected 601a012837ea0a5c8095bf24223132824177124d * git Not specified

References

ReferenceSourceLinkTags
github.com/erlang/otp/commit/ac7ff528be857c5d35eb29c7f24106e3a16d4891 6b3ad84c-e1a6-4bf7-a703-f496b71e49db github.com
github.com/erlang/otp/commit/49033a6d93a5be0ee0dce04e1fb8b4ae7de1e0c0 6b3ad84c-e1a6-4bf7-a703-f496b71e49db github.com
www.erlang.org/doc/system/versions.html 6b3ad84c-e1a6-4bf7-a703-f496b71e49db www.erlang.org
cna.erlef.org/cves/CVE-2026-32144.html 6b3ad84c-e1a6-4bf7-a703-f496b71e49db cna.erlef.org
osv.dev/vulnerability/EEF-CVE-2026-32144 6b3ad84c-e1a6-4bf7-a703-f496b71e49db osv.dev
github.com/erlang/otp/security/advisories/GHSA-gxrm-pf64-99xm 6b3ad84c-e1a6-4bf7-a703-f496b71e49db github.com
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis

Vendor Comments And Credit

Discovery Credit

CNA: Igor Morgenstern / Aisle Research (en)

CNA: Jakub Witczak (en)

CNA: Ingela Anderton Andin (en)

Additional Advisory Data

Workarounds

CNA: For SSL users: * Do not enable OCSP validation setting (current default is {stapling, no_staple}) * Use CRL-based revocation checking by setting the {crl_check, true} SSL option instead For applications using public_key:pkix_ocsp_validate/5 directly: * Pass {is_trusted_responder_fun, Fun} option with a function that validates trusted responder certificates * Restrict OCSP responder access to trusted endpoints via network controls (only applicable if you control the OCSP infrastructure)

© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report