
CVE-2026-42791: OCSP responder certificate validity period not checked in public_key

AI predicted score: 7.4 · Difficulty: Easy · EPSS: 0.31% · P22

Affected Version Matrix (3)

Vendor | Product | Version Range                                  | Status
Erlang | OTP     | 1.16 < *                                       | affected
Erlang | OTP     | 27.0 < *                                       | affected
Erlang | OTP     | 2b1a742c651b90f8a7a1fb2ddde73f29915ea376 < *   | affected

I. Basic Information for CVE-2026-42791

Vulnerability Information


Vulnerability Title
OCSP responder certificate validity period not checked in public_key
Source: NVD (National Vulnerability Database)
Vulnerability Description
Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_ocsp module) allows forged OCSP responses signed with an expired responder certificate to be accepted as valid. OCSP response verification in pubkey_ocsp:verify_response/5 and pubkey_ocsp:is_authorized_responder/3 in lib/public_key/src/pubkey_ocsp.erl does not check the validity period (notBefore/notAfter) of the OCSP responder certificate. An attacker who has obtained the private key of an expired CA-designated OCSP responder certificate can forge OCSP responses that Erlang/OTP accepts as valid. This affects TLS clients using OCSP stapling via the ssl application: a malicious or compromised server can present a revoked TLS certificate together with a forged OCSP response signed by an expired responder key, and the client will accept the revoked certificate as valid. It also affects applications calling public_key:pkix_ocsp_validate/5 directly, where the impact depends on the use case — server-side client certificate validation using this API may allow authentication bypass with a revoked client certificate. This issue affects OTP from OTP 27.0 before OTP 27.3.4.12, 28.5.0.1, and 29.0.1 corresponding to public_key from 1.16 before 1.17.1.3, 1.20.3.1, and 1.21.1.
Source: NVD (National Vulnerability Database)
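The check the description says is missing, written out as an added Python illustration rather than OTP's Erlang code: the responder certificate's notBefore/notAfter window is parsed from the two ASN.1 time encodings a certificate can carry and compared against the validation time before the response's status is trusted. The certificates, the response and the `signature_ok` flag are constructed stand-ins, not real OCSP data.

```python
from datetime import datetime, timezone

def parse_x509_time(tagged):
    """Parse an X.509 Validity time the way a decoded certificate carries it:
    ("utcTime", "YYMMDDHHMMSSZ") or ("generalTime", "YYYYMMDDHHMMSSZ")."""
    tag, text = tagged
    if not text.endswith("Z"):
        raise ValueError("X.509 validity times must be UTC (trailing 'Z')")
    body = text[:-1]
    if tag == "utcTime" and len(body) == 12:
        yy = int(body[:2])  # RFC 5280 4.1.2.5.1: 50..99 -> 19xx, 00..49 -> 20xx
        year, rest = (1900 + yy if yy >= 50 else 2000 + yy), body[2:]
    elif tag == "generalTime" and len(body) == 14:
        year, rest = int(body[:4]), body[4:]
    else:
        raise ValueError(f"malformed {tag}: {text!r}")
    mo, d, h, mi, s = (int(rest[i:i + 2]) for i in range(0, 10, 2))
    return datetime(year, mo, d, h, mi, s, tzinfo=timezone.utc)

def cert_valid_at(cert, at):
    """True iff notBefore <= at <= notAfter for a (constructed) cert dict."""
    not_before, not_after = cert["validity"]
    return parse_x509_time(not_before) <= at <= parse_x509_time(not_after)

def verify_ocsp_response(resp, now):
    """Responder checks that must pass before the response's status is trusted.
    resp is a constructed dict: 'signature_ok' stands in for the signature
    check the affected code already performs; 'responder' is the designated
    responder certificate. The validity-window check is the step the CVE
    describes as missing."""
    if not resp["signature_ok"]:
        return False, "bad signature"
    if not cert_valid_at(resp["responder"], now):  # the missing check
        return False, "responder certificate outside its validity period"
    return True, "ok"

# Constructed sample data, not real certificates or responses.
EXPIRED_RESPONDER = {"validity": (("utcTime", "230101000000Z"),
                                  ("utcTime", "240101000000Z"))}
LIVE_RESPONDER = {"validity": (("utcTime", "250101000000Z"),
                               ("generalTime", "20350101000000Z"))}
NOW = datetime(2026, 6, 1, tzinfo=timezone.utc)

if __name__ == "__main__":
    forged = {"signature_ok": True, "responder": EXPIRED_RESPONDER}
    print(verify_ocsp_response(forged, NOW))
    # → (False, 'responder certificate outside its validity period')
```

Whether the window is checked against the client's current time or against the response's producedAt is a policy choice; the sample uses the client's validation time.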
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
Improper Certificate Validation
Source: NVD (National Vulnerability Database)
Vulnerability Title
Erlang/OTP security vulnerability
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Erlang/OTP is an open-source library from Erlang/OTP, written in JavaScript, for handling exceptions; it can catch exceptions raised by Node.js built-in APIs. A security vulnerability exists in Erlang/OTP, arising from improper OCSP response validation in the public_key module, which allows forged OCSP responses signed with an expired responder certificate to be accepted as valid. The following versions are affected: OTP 27.0 up to versions before 27.3.4.12, versions before 28.5.0.1, and versions before 29.0.1.
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor | Product | Affected Versions | CPE
Erlang | OTP     | 1.16 ~ *          | cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
Erlang | OTP     | 27.0 ~ *          | cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*

II. Public POCs for CVE-2026-42791


No public POC found.


III. Intelligence Information for CVE-2026-42791


Patches & Fixes for CVE-2026-42791 (2)

Vendor Advisories for CVE-2026-42791 (3)

Same Patch Batch · Erlang · 2026-05-27 · 3 CVEs total

CVE-2026-42789: Non-CA certificate accepted as intermediate issuer in public_key path validation
CVE-2026-42790: nameConstraints DNS bypass via subject CommonName fallback in public_key hostname verifica

IV. Related Vulnerabilities

V. Comments for CVE-2026-42791

No comments yet

