Known Vulnerabilities for products from Erlang
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Erlang".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-42793 json | Not Provided | 2026-05-08 | 2026-05-09 | |
| CVE-2026-42791 json | Not Provided | 2026-05-27 | 2026-05-27 | |
| CVE-2026-42790 json | Not Provided | 2026-05-27 | 2026-05-27 | |
| CVE-2026-42789 json | Not Provided | 2026-05-27 | 2026-05-27 | |
| CVE-2026-34593 json | Not Provided | 2026-04-02 | 2026-04-03 | |
| CVE-2026-32688 json | Not Provided | 2026-04-27 | 2026-04-29 | |
| CVE-2026-32147 json | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP ssh (ssh_sftpd mod... | Not Provided | 2026-04-21 | 2026-05-21 |
| CVE-2026-32144 json | Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_ocsp module) allows OCSP designated-responder ... | Not Provided | 2026-04-07 | 2026-04-23 |
| CVE-2026-28810 json | Generation of Predictable Numbers or Identifiers vulnerability in Erlang/OTP kernel (inet_res, inet_db modules) allows DNS Ca... | Not Provided | 2026-04-07 | 2026-04-23 |
| CVE-2026-28809 json | Not Provided | 2026-03-23 | 2026-04-07 | |
| CVE-2026-28808 json | Incorrect Authorization vulnerability in Erlang OTP (inets modules) allows unauthenticated access to CGI scripts protected by... | Not Provided | 2026-04-07 | 2026-04-23 |
| CVE-2026-23943 json | Improper Handling of Highly Compressed Data (Compression Bomb) vulnerability in Erlang OTP ssh (ssh_transport modules) allows... | Not Provided | 2026-03-13 | 2026-05-21 |
| CVE-2026-23942 json | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (ssh_sftpd module)... | Not Provided | 2026-03-13 | 2026-05-21 |
| CVE-2026-23941 json | Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Erlang OTP (inets httpd module) allo... | Not Provided | 2026-03-13 | 2026-05-21 |
| CVE-2026-21619 json | Uncontrolled Resource Consumption, Deserialization of Untrusted Data vulnerability in hexpm hex_core (hex_api modules), hexpm... | Not Provided | 2026-02-27 | 2026-04-06 |
| CVE-2022-37026 json | In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Authentication Bypass in cert... | 9.8 - CRITICAL | 2022-09-21 | 2023-08-08 |
| CVE-2021-29221 json | A local privilege escalation vulnerability was discovered in Erlang/OTP prior to version 23.2.3. By adding files to an existi... | 7 - HIGH | 2021-04-09 | 2021-04-20 |
| CVE-2020-35733 json | An issue was discovered in Erlang/OTP before 23.2.2. The ssl application 10.2 accepts and trusts an invalid X.509 certificate... | 7.5 - HIGH | 2021-01-15 | 2023-11-07 |
| CVE-2020-25623 json | Erlang/OTP 22.3.x before 22.3.4.6 and 23.x before 23.1 allows Directory Traversal. An attacker can send a crafted HTTP reques... | 7.5 - HIGH | 2020-10-02 | 2020-10-09 |
| CVE-2020-13802 json | Rebar3 versions 3.0.0-beta.3 to 3.13.2 are vulnerable to OS command injection via URL parameter of dependency specification. | 9.8 - CRITICAL | 2020-09-02 | 2021-07-21 |
Known software with vulnerabilities from Erlang
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Erlang | Crypto | 1.0 |
| Application | Erlang | Erlang/otp | 17.0 |
| Application | Erlang | Otp | - |
| Application | Erlang | Rebar3 | 3.0.0 |