nameConstraints DNS bypass via subject CommonName fallback in public_key hostname verification
Summary
| CVE | CVE-2026-42790 |
|---|---|
| State | PUBLISHED |
| Assigner | EEF |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-05-27 17:16:36 UTC |
| Updated | 2026-06-30 03:19:41 UTC |
| Description | Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_cert and public_key modules) allows a DNS nameConstraints bypass via subject CommonName fallback in TLS hostname verification. Two flaws combine to allow a subordinate CA whose DNS nameConstraints are restricted (e.g. permitted;DNS:allowed.example.com) to issue a leaf certificate that an OTP TLS client accepts as a valid identity for an out-of-scope hostname (e.g. victim.example.com): First, pubkey_cert:validate_names/6 in lib/public_key/src/pubkey_cert.erl only checks SAN DNS entries against nameConstraints. Per RFC 5280, a permitted DNS subtree only restricts certificates that contain a DNS-typed name. A leaf with no subjectAltName therefore trivially satisfies any permitted;DNS:... constraint regardless of its subject commonName. Second, public_key:pkix_verify_hostname/3 in lib/public_key/src/public_key.erl falls back to the subject commonName when no subjectAltName is present, extracting id-at-commonName attributes as presented IDs and matching them against the reference hostname. The strict pkix_verify_hostname_match_fun(https) matcher does not suppress this fallback. The result is that path validation accepts a CN-only leaf under a DNS-constrained intermediate (no SAN means the nameConstraints are not triggered), and hostname verification then accepts it via the CN fallback. The bypass is reachable from stock ssl:connect with verify_peer, a trusted CA, SNI, and the canonical strict https hostname matcher. This issue affects OTP from OTP 19.3 before OTP 26.2.5.21, 27.3.4.12, 28.5.0.1, and 29.0.1 corresponding to public_key from 1.4 before 1.15.1.7, 1.17.1.3, 1.20.3.1, and 1.21.1. |
Risk And Classification
Primary CVSS: v4.0 7.6 HIGH from 6b3ad84c-e1a6-4bf7-a703-f496b71e49db
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS: 0.000280000 probability, percentile 0.084660000 (date 2026-06-01)
Problem Types: CWE-295 | CWE-297 | CWE-295 CWE-295 Improper Certificate Validation | CWE-297 CWE-297 Improper Validation of Certificate with Host Mismatch | CWE-295 Improper Certificate Validation
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 4.0 | 6b3ad84c-e1a6-4bf7-a703-f496b71e49db | Secondary | 7.6 | HIGH | CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/C... |
| 4.0 | CNA | CVSS | 7.6 | HIGH | CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N |
| 3.1 | [email protected] | Primary | 8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N |
| 3.1 | ADP | CVSS | 7.4 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |
| 3.1 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | Secondary | 7.4 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |
CVSS v4.0 Breakdown
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CVSS v3.1 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Erlang | Erlang/otp | All | All | All | All |
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Erlang | OTP | affected 1.4 * otp | Not specified |
| CNA | Erlang | OTP | affected 19.3 * otp | Not specified |
| CNA | Erlang | OTP | affected b0c245e8132bb13171e277b1af59c0cec00c9459 * git | Not specified |
| ADP | Red Hat | Red Hat OpenStack Platform 16.2 | Not specified | Not specified |
| ADP | Red Hat | Red Hat OpenStack Platform 17.1 | Not specified | Not specified |
| ADP | Red Hat | Red Hat OpenStack Platform 18.0 | Not specified | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| github.com/erlang/otp/commit/21abed64eb2026b5f82f432709e4e932f9be389a | 6b3ad84c-e1a6-4bf7-a703-f496b71e49db | github.com | Patch |
| cna.erlef.org/cves/CVE-2026-42790.html | 6b3ad84c-e1a6-4bf7-a703-f496b71e49db | cna.erlef.org | Third Party Advisory |
| github.com/erlang/otp/security/advisories/GHSA-22cw-4ph4-6447 | 6b3ad84c-e1a6-4bf7-a703-f496b71e49db | github.com | Vendor Advisory |
| github.com/erlang/otp/commit/fb67c6d1836f51105a96d8b769e71e4215a79457 | 6b3ad84c-e1a6-4bf7-a703-f496b71e49db | github.com | Patch |
| bugzilla.redhat.com/show_bug.cgi | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | bugzilla.redhat.com | |
| github.com/erlang/otp/commit/0769050c69d73762672b0db1347b6993a5b31759 | 6b3ad84c-e1a6-4bf7-a703-f496b71e49db | github.com | Patch |
| www.erlang.org/doc/system/versions.html | 6b3ad84c-e1a6-4bf7-a703-f496b71e49db | www.erlang.org | Product |
| osv.dev/vulnerability/EEF-CVE-2026-42790 | 6b3ad84c-e1a6-4bf7-a703-f496b71e49db | osv.dev | Mitigation, Third Party Advisory |
| access.redhat.com/security/cve/CVE-2026-42790 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42790.json | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | security.access.redhat.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
CNA: John Downey (en)
CNA: Ingela Anderton Andin (en)
CNA: Dan Gudmundsson (en)
CNA: Jakub Witczak (en)
Additional Advisory Data
| Source | Time | Event |
|---|---|---|
| ADP | 2026-05-27T17:02:53.354Z | Reported to Red Hat. |
| ADP | 2026-05-27T15:09:01.860Z | Made public. |
Workarounds
CNA: The verify_fun option in the ssl application can be used to ensure that TLS connections fail if the end-entity certificate is missing the subjectAltName extension or has no domain name. Do not use a verify_fun that accepts the name_not_permitted error.
ADP: Ensure all TLS certificates used in the deployment include Subject Alternative Name (SAN) extensions with the appropriate DNS entries. Certificates relying solely on the CommonName (CN) field for hostname identification are susceptible to this bypass. For Erlang applications, the verify_fun option in the ssl module can be configured to reject peer certificates missing the subjectAltName extension.