Known Vulnerabilities for products from Erlang

Listed below are 20 of the newest known vulnerabilities associated with the vendor "Erlang".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2026-55952 json Not Provided 2026-07-02 2026-07-03
CVE-2026-55950 json Time-of-check Time-of-use (TOCTOU) race condition vulnerability in Erlang/OTP ssl (dtls_packet_demux module) allows an unauth... Not Provided 2026-07-02 2026-07-07
CVE-2026-54891 json Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in Erlang/OTP ssl (tls... Not Provided 2026-07-02 2026-07-07
CVE-2026-54888 json Not Provided 2026-06-29 2026-06-30
CVE-2026-54887 json Not Provided 2026-07-02 2026-07-03
CVE-2026-54886 json Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Erlang OTP ssh (ssh_sftpd module) allows an authentic... Not Provided 2026-07-02 2026-07-07
CVE-2026-53426 json Not Provided 2026-06-29 2026-06-30
CVE-2026-53422 json Not Provided 2026-07-02 2026-07-03
CVE-2026-49762 json Not Provided 2026-06-09 2026-06-09
CVE-2026-49760 json Stack-based Buffer Overflow vulnerability in Erlang OTP (erl_interface) allows Stack-based Buffer Overflow. This vulnerabili... Not Provided 2026-06-10 2026-06-15
CVE-2026-49759 json Stack-based Buffer Overflow vulnerability in Erlang OTP erts (inet_drv) allows an unauthenticated remote attacker to crash th... Not Provided 2026-06-10 2026-06-30
CVE-2026-48860 json Reliance on IP Address for Authentication vulnerability in Erlang/OTP ssl (inet_tls_dist module) allows unauthenticated bypas... Not Provided 2026-06-10 2026-06-15
CVE-2026-48859 json Observable Timing Discrepancy vulnerability in Erlang/OTP ssh (ssh_auth, ssh_options modules) allows unauthenticated remote u... Not Provided 2026-06-10 2026-06-15
CVE-2026-48858 json Server-Side Request Forgery (SSRF) vulnerability in Erlang/OTP ftp (ftp_internal module) allows FTP bounce attacks and SSRF v... Not Provided 2026-06-10 2026-06-11
CVE-2026-48856 json Sensitive Data Exposure vulnerability in Erlang OTP inets (httpc_response module) allows Retrieve Embedded Sensitive Data. T... Not Provided 2026-06-10 2026-06-15
CVE-2026-48855 json Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Erlang OTP ssh (ssh_sftpd module) allows File Dis... Not Provided 2026-06-10 2026-06-15
CVE-2026-42791 json Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_ocsp module) allows forged OCSP responses sign... Not Provided 2026-05-27 2026-06-02
CVE-2026-42790 json Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_cert and public_key modules) allows a DNS name... Not Provided 2026-05-27 2026-06-30
CVE-2026-42789 json Improper Following of a Certificate's Chain of Trust vulnerability in Erlang OTP public_key (pubkey_cert module) allows a non... Not Provided 2026-05-27 2026-06-30
CVE-2026-32147 json Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP ssh (ssh_sftpd mod... Not Provided 2026-04-21 2026-05-21

Known software with vulnerabilities from Erlang

Type Vendor Product Version
ApplicationErlangCrypto1.0
ApplicationErlangErlang/otp17.0
ApplicationErlangOtp-
ApplicationErlangRebar33.0.0
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report