nameConstraints DNS bypass via subject CommonName fallback in public_key hostname verification

MITRE NVD CVE.ORG JSON API Print: PDF PDF

Summary

CVECVE-2026-42790
StatePUBLISHED
AssignerEEF
Source PriorityCVE Program / NVD first with legacy fallback
Published2026-05-27 17:16:36 UTC
Updated2026-05-27 19:38:46 UTC
DescriptionImproper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_cert and public_key modules) allows a DNS nameConstraints bypass via subject CommonName fallback in TLS hostname verification. Two flaws combine to allow a subordinate CA whose DNS nameConstraints are restricted (e.g. permitted;DNS:allowed.example.com) to issue a leaf certificate that an OTP TLS client accepts as a valid identity for an out-of-scope hostname (e.g. victim.example.com): First, pubkey_cert:validate_names/6 in lib/public_key/src/pubkey_cert.erl only checks SAN DNS entries against nameConstraints. Per RFC 5280, a permitted DNS subtree only restricts certificates that contain a DNS-typed name. A leaf with no subjectAltName therefore trivially satisfies any permitted;DNS:... constraint regardless of its subject commonName. Second, public_key:pkix_verify_hostname/3 in lib/public_key/src/public_key.erl falls back to the subject commonName when no subjectAltName is present, extracting id-at-commonName attributes as presented IDs and matching them against the reference hostname. The strict pkix_verify_hostname_match_fun(https) matcher does not suppress this fallback. The result is that path validation accepts a CN-only leaf under a DNS-constrained intermediate (no SAN means the nameConstraints are not triggered), and hostname verification then accepts it via the CN fallback. The bypass is reachable from stock ssl:connect with verify_peer, a trusted CA, SNI, and the canonical strict https hostname matcher. This issue affects OTP from OTP 19.3 before OTP 26.2.5.21, 27.3.4.12, 28.5.0.1, and 29.0.1 corresponding to public_key from 1.4 before 1.15.1.7, 1.17.1.3, 1.20.3.1, and 1.21.1.

Risk And Classification

Primary CVSS: v4.0 7.6 HIGH from 6b3ad84c-e1a6-4bf7-a703-f496b71e49db

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

EPSS: 0.000280000 probability, percentile 0.084660000 (date 2026-06-01)

Problem Types: CWE-295 | CWE-297 | CWE-295 CWE-295 Improper Certificate Validation | CWE-297 CWE-297 Improper Validation of Certificate with Host Mismatch

VersionSourceTypeScoreSeverityVector
4.06b3ad84c-e1a6-4bf7-a703-f496b71e49dbSecondary7.6HIGHCVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/C...
4.0CNACVSS7.6HIGHCVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

CVSS v4.0 Breakdown

Attack Vector
Network
Attack Complexity
High
Attack Requirements
Present
Privileges Required
None
User Interaction
Passive
Confidentiality
High
Integrity
High
Availability
None
Sub Conf.
None
Sub Integrity
None
Sub Availability
None

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Vendor Declared Affected Products

SourceVendorProductVersionPlatforms
CNA Erlang OTP affected 1.4 * otp Not specified
CNA Erlang OTP affected 19.3 * otp Not specified
CNA Erlang OTP affected b0c245e8132bb13171e277b1af59c0cec00c9459 * git Not specified

References

ReferenceSourceLinkTags
github.com/erlang/otp/commit/21abed64eb2026b5f82f432709e4e932f9be389a 6b3ad84c-e1a6-4bf7-a703-f496b71e49db github.com
cna.erlef.org/cves/CVE-2026-42790.html 6b3ad84c-e1a6-4bf7-a703-f496b71e49db cna.erlef.org
github.com/erlang/otp/security/advisories/GHSA-22cw-4ph4-6447 6b3ad84c-e1a6-4bf7-a703-f496b71e49db github.com
github.com/erlang/otp/commit/fb67c6d1836f51105a96d8b769e71e4215a79457 6b3ad84c-e1a6-4bf7-a703-f496b71e49db github.com
github.com/erlang/otp/commit/0769050c69d73762672b0db1347b6993a5b31759 6b3ad84c-e1a6-4bf7-a703-f496b71e49db github.com
www.erlang.org/doc/system/versions.html 6b3ad84c-e1a6-4bf7-a703-f496b71e49db www.erlang.org
osv.dev/vulnerability/EEF-CVE-2026-42790 6b3ad84c-e1a6-4bf7-a703-f496b71e49db osv.dev
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis

Vendor Comments And Credit

Discovery Credit

CNA: John Downey (en)

CNA: Ingela Anderton Andin (en)

CNA: Dan Gudmundsson (en)

CNA: Jakub Witczak (en)

Additional Advisory Data

Workarounds

CNA: The verify_fun option in the ssl application can be used to ensure that TLS connections fail if the end-entity certificate is missing the subjectAltName extension or has no domain name. Do not use a verify_fun that accepts the name_not_permitted error.

© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report