Search CVE reports


Toggle filters

11 – 20 of 50 results


CVE-2026-48858

Medium priority
Needs evaluation

Server-Side Request Forgery (SSRF) vulnerability in Erlang/OTP ftp (ftp_internal module) allows FTP bounce attacks and SSRF via an unvalidated PASV response IP address. The ftp_internal:handle_ctrl_result/2 PASV handler...

1 affected package

erlang

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
erlang Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-48856

Medium priority
Needs evaluation

Sensitive Data Exposure vulnerability in Erlang OTP inets (httpc_response module) allows Retrieve Embedded Sensitive Data. The httpc client forwards the Authorization and Proxy-Authorization request headers to redirect targets...

1 affected package

erlang

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
erlang Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-48855

Medium priority
Needs evaluation

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Erlang OTP ssh (ssh_sftpd module) allows File Discovery. The SSH_FXP_READLINK handler in ssh_sftpd sends the raw result of file:read_link/2 to the client...

1 affected package

erlang

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
erlang Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-42790

Medium priority
Needs evaluation

Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_cert and public_key modules) allows a DNS nameConstraints bypass via subject CommonName fallback in TLS hostname verification. Two flaws combine to...

1 affected package

erlang

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
erlang Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-42791

Medium priority
Needs evaluation

Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_ocsp module) allows forged OCSP responses signed with an expired responder certificate to be accepted as valid. OCSP response verification in...

1 affected package

erlang

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
erlang Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-42789

Medium priority
Needs evaluation

Improper Following of a Certificate's Chain of Trust vulnerability in Erlang OTP public_key (pubkey_cert module) allows a non-CA certificate to be accepted as an intermediate issuer, enabling certificate chain forgery. In...

1 affected package

erlang

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
erlang Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-8466

Medium priority
Needs evaluation

Allocation of Resources Without Limits or Throttling vulnerability in ninenines cowboy allows denial of service via unbounded buffer accumulation in multipart header parsing. cowboy_req:read_part/3 in src/cowboy_req.erl...

1 affected package

erlang-cowboy

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
erlang-cowboy Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-43970

Medium priority
Needs evaluation

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in ninenines cowlib allows unauthenticated remote denial of service via memory exhaustion. cow_spdy:inflate/2 in cowlib passes peer-supplied compressed...

1 affected package

erlang-cowlib

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
erlang-cowlib Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-7790

Medium priority
Needs evaluation

Uncontrolled Resource Consumption vulnerability in ninenines cowlib (cow_http_te module) allows Excessive Allocation. The chunked transfer-encoding parser in cow_http_te accepts an unbounded number of hex digits in the chunk-size...

1 affected package

erlang-cowlib

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
erlang-cowlib Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-32147

Medium priority
Needs evaluation

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP ssh (ssh_sftpd module) allows an authenticated SFTP user to modify file attributes outside the configured chroot...

1 affected package

erlang

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
erlang Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages