Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

OTP — Vulnerabilities & Security Advisories 34

All 34 CVE vulnerabilities found in OTP, with AI-generated Chinese analysis, references, and POCs.

This page aggregates vulnerability data for the OTP product across various security weakness types. It serves as a centralized resource for tracking security issues related to this specific software component and its associated implementations. The collection encompasses a wide range of vulnerability classes, including injection flaws, improper authentication, and insecure configuration errors. The data covers reports released from January 2018 through the present, ensuring that both historical trends and recent security advisories are accessible. This time span allows users to analyze how security postures have evolved over nearly six years of development and patching cycles. Here, users can track vendor advisories to stay informed about critical updates and patches. The interface facilitates understanding specific weakness classes by grouping similar issues, which helps in recognizing patterns in code quality or design flaws. Additionally, users can look up the product's vulnerability history to assess the longevity and stability of the software. This historical perspective is crucial for risk assessment and planning security audits. By organizing these details, the page provides a clear view of the security landscape surrounding OTP, enabling developers and security professionals to make informed decisions regarding mitigation strategies and compliance requirements.

Vendor: erlang

CVE IDTitleCVSSSeverityPublished
CVE-2026-54891 Plaintext APPLICATION_DATA injected during TLS handshake delivered to client application post-handshake in ssl CWE-924--2026-07-02
CVE-2026-55950 DTLS listener crash via race condition in dtls_packet_demux causes denial of service for all sessions CWE-367--2026-07-02
CVE-2026-54886 SSH SFTP server denial of service via extended channel data infinite loop CWE-835--2026-07-02
CVE-2026-55952 TLS 1.3 server denial of service via malformed ClientHello pre-shared key extension CWE-1284--2026-07-02
CVE-2026-54887 DTLS server cookie bypass during startup window due to empty initial cookie secret CWE-1394--2026-07-02
CVE-2026-53422 SFTP REALPATH path-existence oracle allowing filesystem enumeration outside configured root CWE-204--2026-07-02
CVE-2026-48856 httpc leaks Authorization header to cross-origin redirect targets CWE-601--2026-06-10
CVE-2026-48860 Distribution-over-TLS LAN allowlist silently bypassed due to sockname/peername confusion in inet_tls_dist CWE-1025--2026-06-10
CVE-2026-48855 SFTP READLINK Leaks Absolute Backend Filesystem Path When Root Is Configured CWE-200--2026-06-10
CVE-2026-48858 ftp client PASV response IP not validated against control peer, enabling SSRF and FTP bounce attacks CWE-918--2026-06-10
CVE-2026-48859 SSH server timing side-channel in ssh_auth:check_password/3 allows unauthenticated username enumeration CWE-208--2026-06-10
CVE-2026-49759 Stack buffer overflow in SCTP error cause parsing in inet_drv allows remote VM crash CWE-121--2026-06-10
CVE-2026-49760 Stack Buffer Overflow in ei_s_print_term at Very Large Integer CWE-121--2026-06-10
CVE-2026-42790 nameConstraints DNS bypass via subject CommonName fallback in public_key hostname verification CWE-295--2026-05-27
CVE-2026-42791 OCSP responder certificate validity period not checked in public_key CWE-295--2026-05-27
CVE-2026-42789 Non-CA certificate accepted as intermediate issuer in public_key path validation CWE-295--2026-05-27
CVE-2026-32147 SFTP chroot bypass via path traversal in SSH_FXP_FSETSTAT CWE-22 6.5AIMediumAI2026-04-21
CVE-2026-28808 ScriptAlias CGI targets bypass directory auth in inets httpd (mod_auth vs mod_cgi path mismatch) CWE-863 9.8AICriticalAI2026-04-07
CVE-2026-32144 OCSP designated-responder authorization bypass via missing signature verification CWE-295 5.9AIMediumAI2026-04-07
CVE-2026-28810 Predictable DNS Transaction IDs Enable Cache Poisoning in Built-in Resolver CWE-340 5.0AIMediumAI2026-04-07
CVE-2026-23941 Request smuggling via first-wins Content-Length parsing in inets httpd CWE-444 8.2 -2026-03-13
CVE-2026-23943 Pre-auth SSH DoS via unbounded zlib inflate CWE-409 7.5 -2026-03-13
CVE-2026-23942 SFTP root escape via component-agnostic prefix check in ssh_sftpd CWE-22 4.3 -2026-03-13
CVE-2026-21620 TFTP Path Traversal CWE-23 9.1AICriticalAI2026-02-20
CVE-2025-48041 SSH_FXP_OPENDIR may Lead to Exhaustion of File Handles CWE-770 7.5AIHighAI2025-09-11
CVE-2025-48040 Malicious Key Exchange Messages may Lead to Excessive Resource Consumption CWE-400 7.5AIHighAI2025-09-11
CVE-2025-48039 Unverified Paths can Cause Excessive Use of System Resources CWE-770 7.5AIHighAI2025-09-11
CVE-2025-48038 Unverified File Handles can Cause Excessive Use of System Resources CWE-770 7.5AIHighAI2025-09-11
CVE-2025-4748 Absolute path traversal in zip:unzip/1,2 CWE-22 9.1AICriticalAI2025-06-16
CVE-2025-46712 Erlang/OTP SSH Has Strict KEX Violations CWE-440 3.7 Low2025-05-08

All 34 known CVE vulnerabilities affecting OTP with full Chinese analysis, references, and POCs where available.