Known Vulnerabilities for products from Erlang

Listed below are 20 of the newest known vulnerabilities associated with the vendor "Erlang".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2026-49762 json Not Provided 2026-06-09 2026-06-09
CVE-2026-49760 json Stack-based Buffer Overflow vulnerability in Erlang OTP (erl_interface) allows Stack-based Buffer Overflow. This vulnerabili... Not Provided 2026-06-10 2026-06-15
CVE-2026-49759 json Stack-based Buffer Overflow vulnerability in Erlang OTP erts (inet_drv) allows an unauthenticated remote attacker to crash th... Not Provided 2026-06-10 2026-06-15
CVE-2026-48860 json Not Provided 2026-06-10 2026-06-11
CVE-2026-48859 json Observable Timing Discrepancy vulnerability in Erlang/OTP ssh (ssh_auth, ssh_options modules) allows unauthenticated remote u... Not Provided 2026-06-10 2026-06-15
CVE-2026-48858 json Server-Side Request Forgery (SSRF) vulnerability in Erlang/OTP ftp (ftp_internal module) allows FTP bounce attacks and SSRF v... Not Provided 2026-06-10 2026-06-11
CVE-2026-48856 json Not Provided 2026-06-10 2026-06-11
CVE-2026-48855 json Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Erlang OTP ssh (ssh_sftpd module) allows File Dis... Not Provided 2026-06-10 2026-06-15
CVE-2026-48853 json Not Provided 2026-06-15 2026-06-16
CVE-2026-42793 json Not Provided 2026-05-08 2026-05-09
CVE-2026-42791 json Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_ocsp module) allows forged OCSP responses sign... Not Provided 2026-05-27 2026-06-02
CVE-2026-42790 json Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_cert and public_key modules) allows a DNS name... Not Provided 2026-05-27 2026-06-02
CVE-2026-42789 json Improper Following of a Certificate's Chain of Trust vulnerability in Erlang OTP public_key (pubkey_cert module) allows a non... Not Provided 2026-05-27 2026-06-05
CVE-2026-32147 json Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP ssh (ssh_sftpd mod... Not Provided 2026-04-21 2026-05-21
CVE-2026-32144 json Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_ocsp module) allows OCSP designated-responder ... Not Provided 2026-04-07 2026-04-23
CVE-2026-28810 json Generation of Predictable Numbers or Identifiers vulnerability in Erlang/OTP kernel (inet_res, inet_db modules) allows DNS Ca... Not Provided 2026-04-07 2026-04-23
CVE-2026-28808 json Incorrect Authorization vulnerability in Erlang OTP (inets modules) allows unauthenticated access to CGI scripts protected by... Not Provided 2026-04-07 2026-04-23
CVE-2026-23943 json Improper Handling of Highly Compressed Data (Compression Bomb) vulnerability in Erlang OTP ssh (ssh_transport modules) allows... Not Provided 2026-03-13 2026-05-21
CVE-2026-23942 json Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (ssh_sftpd module)... Not Provided 2026-03-13 2026-05-21
CVE-2026-23941 json Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Erlang OTP (inets httpd module) allo... Not Provided 2026-03-13 2026-05-21
Results limited to 20 most recent vulnerabilities

Known software with vulnerabilities from Erlang

Type Vendor Product Version
ApplicationErlangCrypto1.0
ApplicationErlangErlang/otp17.0
ApplicationErlangOtp-
ApplicationErlangRebar33.0.0
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report