Main Vulnerability Database SB2026041024

SB2026041024 - Fedora 43 update for erlang

Published: April 10, 2026

Security Bulletin ID SB2026041024

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Relative Path Traversal (CVE-ID: CVE-2026-21620)

The vulnerability allows a remote user to read and write arbitrary files.

The vulnerability exists due to relative path traversal in the Erlang/OTP TFTP server when handling remote file requests with ../ path components while using the undocumented root_dir option. A remote user can send crafted file requests to read and write arbitrary files.

Exploitation requires that the system designer used the undocumented {root_dir,RootDir} option under incorrect assumptions and that the service is reachable from untrusted hosts.

Remediation

Install update from vendor's website.

References

https://bodhi.fedoraproject.org/updates/FEDORA-2026-8a15e7a423