Erlang — Vulnerabilities & Security Advisories 18

Browse all 18 CVE security advisories affecting Erlang. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Erlang is primarily used for building highly available, distributed systems and real-time applications like messaging platforms and telecom infrastructure. Historically, vulnerabilities have included remote code execution, cross-site scripting, and privilege escalation, often stemming from input validation flaws and insecure deserialization. The platform's lightweight processes and fault-tolerance features provide inherent security benefits, though misconfigurations can still lead to breaches. Notable incidents include vulnerabilities in the Cowboy web server and OTP components, which have allowed attackers to execute arbitrary code or bypass authentication. Despite these issues, the language's design emphasizes reliability and concurrent processing, making it a preferred choice for systems requiring high uptime and scalability.

Top products by Erlang: otp
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-32147 | SFTP chroot bypass via path traversal in SSH_FXP_FSETSTAT | OTP | CWE-22 | 6.5 (AI) | Medium (AI) | 2026-04-21 |
| CVE-2026-28808 | ScriptAlias CGI targets bypass directory auth in inets httpd (mod_auth vs mod_cgi path mismatch) | OTP | CWE-863 | 9.8 (AI) | Critical (AI) | 2026-04-07 |
| CVE-2026-32144 | OCSP designated-responder authorization bypass via missing signature verification | OTP | CWE-295 | 5.9 (AI) | Medium (AI) | 2026-04-07 |
| CVE-2026-28810 | Predictable DNS Transaction IDs Enable Cache Poisoning in Built-in Resolver | OTP | CWE-340 | 5.0 (AI) | Medium (AI) | 2026-04-07 |
| CVE-2026-23941 | Request smuggling via first-wins Content-Length parsing in inets httpd | OTP | CWE-444 | 8.2 | - | 2026-03-13 |
| CVE-2026-23943 | Pre-auth SSH DoS via unbounded zlib inflate | OTP | CWE-409 | 7.5 | - | 2026-03-13 |
| CVE-2026-23942 | SFTP root escape via component-agnostic prefix check in ssh_sftpd | OTP | CWE-22 | 4.3 | - | 2026-03-13 |
| CVE-2026-21620 | TFTP Path Traversal | OTP | CWE-23 | 9.1 (AI) | Critical (AI) | 2026-02-20 |
| CVE-2025-48041 | SSH_FXP_OPENDIR may Lead to Exhaustion of File Handles | OTP | CWE-770 | 7.5 (AI) | High (AI) | 2025-09-11 |
| CVE-2025-48040 | Malicious Key Exchange Messages may Lead to Excessive Resource Consumption | OTP | CWE-400 | 7.5 (AI) | High (AI) | 2025-09-11 |
| CVE-2025-48039 | Unverified Paths can Cause Excessive Use of System Resources | OTP | CWE-770 | 7.5 (AI) | High (AI) | 2025-09-11 |
| CVE-2025-48038 | Unverified File Handles can Cause Excessive Use of System Resources | OTP | CWE-770 | 7.5 (AI) | High (AI) | 2025-09-11 |
| CVE-2025-4748 | Absolute path traversal in zip:unzip/1,2 | OTP | CWE-22 | 9.1 (AI) | Critical (AI) | 2025-06-16 |
| CVE-2025-46712 | Erlang/OTP SSH Has Strict KEX Violations | otp | CWE-440 | 3.7 | Low | 2025-05-08 |
| CVE-2025-32433 | Erlang/OTP SSH Vulnerable to Pre-Authentication RCE | otp | CWE-306 | 10.0 | Critical | 2025-04-16 |
| CVE-2025-30211 | KEX init error results with excessive memory usage | otp | CWE-789 | 7.5 | High | 2025-03-28 |
| CVE-2025-26618 | SSH SFTP packet size not verified properly in Erlang OTP | otp | CWE-789 | 5.9 | - | 2025-02-20 |
| CVE-2024-53846 | ssl fails to validate incorrect extended key usage | otp | CWE-295 | 5.5 | Medium | 2024-12-05 |

This page lists every published CVE security advisory associated with Erlang. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.