SB2026070297 - Multiple vulnerabilities in otp




Published: July 2, 2026

Security Bulletin ID: SB2026070297
CSH Severity: Medium
Patch available: YES
Number of vulnerabilities: 6
Exploitation vector: Remote access
Highest impact: Denial of service

Breakdown by Severity

Medium: 50%, Low: 50%

Description

This security bulletin contains information about 6 vulnerabilities.


1) Improper Validation of Specified Quantity in Input (CVE-ID: CVE-2026-55952)

CWE-ID: CWE-1284 - Improper Validation of Specified Quantity in Input

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to improper validation of specified quantity in input in the TLS-1.3 session ticket handler when processing a malformed ClientHello with mismatched PSK identity and binder list lengths. A remote attacker can send a specially crafted ClientHello message to cause a denial of service.

Only TLS-1.3 servers with session tickets enabled are vulnerable. TLS-1.2 connections are not affected.
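
The class of check this entry concerns, as an added example (not Erlang/OTP's code): a strict parser for the TLS 1.3 pre_shared_key extension body (OfferedPsks, RFC 8446 section 4.2.11) that rejects a ClientHello whose identity and binder lists differ in length before any per-ticket processing. The names parse_offered_psks, build_offered_psks and PskExtensionError are hypothetical, and the sample input is constructed.

```python
class PskExtensionError(ValueError):
    """Reject the ClientHello (a server would answer with a fatal alert)."""

def _read_vector(buf, offset, len_bytes):
    """Read one length-prefixed vector; return (body, offset_after_it)."""
    if offset + len_bytes > len(buf):
        raise PskExtensionError("truncated length field")
    length = int.from_bytes(buf[offset:offset + len_bytes], "big")
    start = offset + len_bytes
    if start + length > len(buf):
        raise PskExtensionError("vector overruns buffer")
    return buf[start:start + length], start + length

def parse_offered_psks(ext_data):
    """Return [(identity, obfuscated_ticket_age, binder), ...] or raise."""
    ids_raw, off = _read_vector(ext_data, 0, 2)        # identities<7..2^16-1>
    binders_raw, off = _read_vector(ext_data, off, 2)  # binders<33..2^16-1>
    if off != len(ext_data):
        raise PskExtensionError("trailing bytes after binders")
    identities, pos = [], 0
    while pos < len(ids_raw):
        ident, pos = _read_vector(ids_raw, pos, 2)     # opaque identity<1..2^16-1>
        if not ident or pos + 4 > len(ids_raw):
            raise PskExtensionError("malformed PskIdentity")
        age = int.from_bytes(ids_raw[pos:pos + 4], "big")  # uint32 ticket age
        pos += 4
        identities.append((ident, age))
    binders, pos = [], 0
    while pos < len(binders_raw):
        binder, pos = _read_vector(binders_raw, pos, 1)    # opaque<32..255>
        if len(binder) < 32:
            raise PskExtensionError("binder shorter than 32 bytes")
        binders.append(binder)
    # RFC 8446: one binder per identity, in the same order. Check the counts
    # up front so later code never pairs an identity with a missing binder.
    if not identities or len(identities) != len(binders):
        raise PskExtensionError(
            f"{len(identities)} identities but {len(binders)} binders")
    return [(i, a, b) for (i, a), b in zip(identities, binders)]

def build_offered_psks(identities, binders):
    """Encode a constructed OfferedPsks body for exercising the parser."""
    ids = b"".join(len(i).to_bytes(2, "big") + i + a.to_bytes(4, "big")
                   for i, a in identities)
    bs = b"".join(bytes([len(b)]) + b for b in binders)
    return len(ids).to_bytes(2, "big") + ids + len(bs).to_bytes(2, "big") + bs
```

Rejecting the message with a typed error keeps the failure inside the connection that sent it, rather than letting a later pattern match or list zip fail in the handler.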


2) Time-of-check Time-of-use (TOCTOU) Race Condition (CVE-ID: CVE-2026-55950)

CWE-ID: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to a time-of-check time-of-use race condition in the dtls_packet_demux gen_server process when handling rapid DTLS client reconnects from the same source address and port. A remote attacker can send multiple valid ClientHello datagrams in quick succession to cause a denial of service.

The crash of the shared demultiplexing process terminates all active DTLS sessions on the affected listener, and no completed handshake or credentials are required.


3) Improper Enforcement of Message Integrity During Transmission in a Communication Channel (CVE-ID: CVE-2026-54891)

CWE-ID: CWE-924 - Improper Enforcement of Message Integrity During Transmission in a Communication Channel

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to inject plaintext data into a TLS client application.

The vulnerability exists due to improper enforcement of message integrity during transmission in the (D)TLS client handshake handling when a man-in-the-middle interferes before the handshake completes. A remote attacker can inject plaintext data before handshake completion, and that data can reach the TLS client application.

The injected data may be delivered to the client application after a successful handshake. The injection window is smaller for TLS 1.3 than for earlier TLS versions.


4) Infinite loop (CVE-ID: CVE-2026-54886)

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote user to cause a denial of service.

The vulnerability exists due to an infinite loop in handle_data/4 in ssh_sftpd.erl when processing SSH_MSG_CHANNEL_EXTENDED_DATA on an established SFTP channel. A remote user can send a specially crafted extended data message to cause a denial of service.

The issue affects targeted SFTP channel processes, which become permanently unresponsive while continuing to consume CPU time and accumulate unbounded message queue memory. Opening many channels can amplify the impact.


5) Use of Default Cryptographic Key (CVE-ID: CVE-2026-54887)

CWE-ID: CWE-1394 - Use of Default Cryptographic Key

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to bypass DTLS address verification.

The vulnerability exists due to use of a default cryptographic key in the DTLS cookie handling during server startup when processing a plaintext ClientHello before the first cookie secret rotation. A remote attacker can compute and submit a valid forged cookie to bypass DTLS address verification.

The issue is limited to the startup window before the first secret rotation, approximately 0 to 15 seconds, and requires observing the plaintext ClientHello contents.
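
The hardened pattern for this entry, as an added example (not Erlang/OTP's code): a DTLS cookie secret holder that draws its first secret from the CSPRNG at construction, so no default key exists in the window before the first rotation. It uses the RFC 6347 construction Cookie = HMAC(Secret, Client-IP, Client-Parameters); the class name CookieSecrets, the 32-byte secret size and the message encoding are assumptions.

```python
import hashlib
import hmac
import secrets

class CookieSecrets:
    """Current and previous cookie secrets for one DTLS listener (hypothetical)."""

    def __init__(self):
        # Random from the first datagram on: there is never a constant or
        # empty secret in use, even before the first scheduled rotation.
        self.current = secrets.token_bytes(32)
        self.previous = None

    def rotate(self):
        """Called by the rotation timer; keep one old secret for in-flight clients."""
        self.previous, self.current = self.current, secrets.token_bytes(32)

    @staticmethod
    def _mac(secret, addr, client_params):
        ip, port = addr
        # Length-prefix the address so field boundaries are unambiguous.
        peer = f"{ip}:{port}".encode()
        msg = len(peer).to_bytes(2, "big") + peer + client_params
        return hmac.new(secret, msg, hashlib.sha256).digest()

    def issue(self, addr, client_params):
        """Cookie for HelloVerifyRequest, bound to source address and ClientHello."""
        return self._mac(self.current, addr, client_params)

    def verify(self, cookie, addr, client_params):
        """Accept a cookie made under the current or the previous secret."""
        valid = False
        for secret in (self.current, self.previous):
            if secret is not None:
                expected = self._mac(secret, addr, client_params)
                valid |= hmac.compare_digest(cookie, expected)
        return valid
```

Because the secret is unpredictable from the moment the listener starts, observing the plaintext ClientHello is not enough to compute a cookie the server will accept.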


6) Observable Response Discrepancy (CVE-ID: CVE-2026-53422)

CWE-ID: CWE-204 - Observable Response Discrepancy

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote user to disclose sensitive information about filesystem path existence.

The vulnerability exists due to observable response discrepancy in the ssh_sftpd SSH_FXP_REALPATH handler when processing a crafted traversal path in a REALPATH request. A remote user can send a specially crafted REALPATH request to disclose sensitive information about filesystem path existence.

The issue affects deployments that rely on the configured root option for filesystem path isolation, and it does not by itself provide file contents disclosure or write access.


Remediation

Install the update from the vendor's website.