SB2026041048 - Fedora 44 update for erlang

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2026041048

SB2026041048 - Fedora 44 update for erlang

Published: April 10, 2026

Security Bulletin ID SB2026041048
Severity
High
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

High 50% Low 50%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Generation of Predictable Numbers or Identifiers (CVE-ID: CVE-2026-28810)

The vulnerability allows a remote attacker to poison the DNS cache.

The vulnerability exists due to generation of predictable numbers or identifiers in the inet_res built-in DNS resolver when processing UDP DNS queries. A remote attacker can forge a DNS response with a predicted transaction ID to poison the DNS cache.

Exploitation is practical for an attacker who can observe one query or predict the next transaction ID.


2) Incorrect authorization (CVE-ID: CVE-2026-28808)

The vulnerability allows a remote attacker to bypass authorization checks and access protected CGI scripts.

The vulnerability exists due to incorrect authorization in mod_auth and mod_cgi path resolution when handling requests to script_alias CGI targets located outside DocumentRoot. A remote attacker can send a request to a script_alias URL to bypass authorization checks and access protected CGI scripts.

Exploitation requires script_alias to map a URL prefix to a CGI directory outside DocumentRoot while directory-based access controls are configured to protect that external directory.


Remediation

Install update from vendor's website.

References