Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-54887— DTLS server cookie bypass during startup window due to empty initial cookie secret

AI Predicted 5.9 Difficulty: Easy EPSS 0.24% · P15

Possible ATT&CK Techniques 1AI

T1498 · Network Denial of Service

Affected Version Matrix 3

VendorProductVersion RangeStatus
ErlangOTP8.2< *affected
20.0< *affected
e594aad2f87aab39e99fccf9e021bc94e0bbf7d4< 888e3bcd72d5406016b9e0de741026bc2a6f114daffected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-54887

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
DTLS server cookie bypass during startup window due to empty initial cookie secret
Source: NVD (National Vulnerability Database)
Vulnerability Description
Use of Default Cryptographic Key vulnerability in Erlang/OTP ssl (DTLS server) allows predictable DTLS cookie computation during the startup window, enabling source address verification bypass. On DTLS server startup, dtls_server_connection:initial_hello/3 initializes previous_cookie_secret to the empty binary (<<>>) instead of a random value. Because HMAC with an empty key is deterministic, anyone who observes the plaintext ClientHello can compute dtls_handshake:cookie(<<>>, IP, Port, Hello) and forge a valid DTLS cookie before the first rotation of the cookie secret. The DTLS cookie (RFC 6347 §4.2.1) is a denial-of-service mitigation that prevents spoofed source IPs from forcing the server to allocate state and perform expensive cryptographic operations; it is not an authentication mechanism. During the window from server startup until the first secret rotation (0 to 15 seconds), an attacker who can observe the plaintext ClientHello can bypass the source address verification, enabling DTLS handshake amplification with spoofed source addresses. This vulnerability is associated with program file lib/ssl/src/dtls_server_connection.erl and program routine dtls_server_connection:initial_hello/3. This issue affects OTP from OTP 20.0 before 29.0.3, 28.5.0.3 and 27.3.4.14 corresponding to ssl from 8.2 before 11.7.3, 11.6.0.3 and 11.2.12.10.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
CWE-1394
Source: NVD (National Vulnerability Database)
Vulnerability Title
Erlang/OTP 信任管理问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
erlang erlang/otp是erlang社区开源的一套并发编程语言及运行时系统。 Erlang存在信任管理问题漏洞,该漏洞源于默认加密密钥使用问题,导致在启动窗口期间DTLS cookie计算可预测,从而使源地址验证绕过,攻击者可利用此漏洞通过伪造的源地址进行DTLS握手放大。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
ErlangOTP 8.2 ~ * cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
ErlangOTP 20.0 ~ * cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*

II. Public POCs for CVE-2026-54887

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-54887

登录查看更多情报信息。

Patches & Fixes for CVE-2026-54887 (1)

Vendor Advisories for CVE-2026-54887 (3)

Same Patch Batch · Erlang · 2026-07-02 · 6 CVEs total

CVE-2026-53422SFTP REALPATH path-existence oracle allowing filesystem enumeration outside configured roo
CVE-2026-54891Plaintext APPLICATION_DATA injected during TLS handshake delivered to client application p
CVE-2026-54886SSH SFTP server denial of service via extended channel data infinite loop
CVE-2026-55950DTLS listener crash via race condition in dtls_packet_demux causes denial of service for a
CVE-2026-55952TLS 1.3 server denial of service via malformed ClientHello pre-shared key extension

IV. Related Vulnerabilities

V. Comments for CVE-2026-54887

No comments yet


Leave a comment