SB2026070297 - Multiple vulnerabilities in otp
Published: July 2, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 6 vulnerabilities.
1) Improper Validation of Specified Quantity in Input (CVE-ID: CVE-2026-55952)
CWE-ID: CWE-1284 - Improper Validation of Specified Quantity in Input
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to improper validation of specified quantity in input in the TLS-1.3 session ticket handler when processing a malformed ClientHello with mismatched PSK identity and binder list lengths. A remote attacker can send a specially crafted ClientHello message to cause a denial of service.
Only TLS-1.3 servers with session tickets enabled are vulnerable. TLS-1.2 connections are not affected.
2) Time-of-check Time-of-use (TOCTOU) Race Condition (CVE-ID: CVE-2026-55950)
CWE-ID: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to a time-of-check time-of-use race condition in the dtls_packet_demux gen_server process when handling rapid DTLS client reconnects from the same source address and port. A remote attacker can send multiple valid ClientHello datagrams in quick succession to cause a denial of service.
The crash of the shared demultiplexing process terminates all active DTLS sessions on the affected listener, and no completed handshake or credentials are required.
CWE-ID: CWE-924 - Improper Enforcement of Message Integrity During Transmission in a Communication Channel
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to inject plaintext data into a TLS client application.
The vulnerability exists due to improper enforcement of message integrity during transmission in the (d)tls client handshake handling when a man-in-the-middle interferes before the handshake completes. A remote attacker can inject plaintext data before handshake completion to inject plaintext data into a TLS client application.
The injected data may be delivered to the client application after a successful handshake. The injection window is smaller for TLS 1.3 than for earlier TLS versions.
4) Infinite loop (CVE-ID: CVE-2026-54886)
CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to cause a denial of service.
The vulnerability exists due to an infinite loop in handle_data/4 in ssh_sftpd.erl when processing SSH_MSG_CHANNEL_EXTENDED_DATA on an established SFTP channel. A remote user can send a specially crafted extended data message to cause a denial of service.
The issue affects targeted SFTP channel processes, which become permanently unresponsive while continuing to consume CPU time and accumulate unbounded message queue memory. Opening many channels can amplify the impact.
5) Use of Default Cryptographic Key (CVE-ID: CVE-2026-54887)
CWE-ID: CWE-1394 - Use of Default Cryptographic Key
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to bypass DTLS address verification.
The vulnerability exists due to use of a default cryptographic key in the DTLS cookie handling during server startup when processing a plaintext ClientHello before the first cookie secret rotation. A remote attacker can compute and submit a valid forged cookie to bypass DTLS address verification.
The issue is limited to the startup window before the first secret rotation, approximately 0 to 15 seconds, and requires observing the plaintext ClientHello contents.
6) Observable Response Discrepancy (CVE-ID: CVE-2026-53422)
CWE-ID: CWE-204 - Observable Response Discrepancy
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to disclose sensitive information about filesystem path existence.
The vulnerability exists due to observable response discrepancy in the ssh_sftpd SSH_FXP_REALPATH handler when processing a crafted traversal path in a REALPATH request. A remote user can send a specially crafted REALPATH request to disclose sensitive information about filesystem path existence.
The issue affects deployments that rely on the configured root option for filesystem path isolation, and it does not by itself provide file contents disclosure or write access.
Remediation
Install update from vendor's website.
References
- https://github.com/erlang/otp/security/advisories/GHSA-8c57-44c9-pc59
- https://github.com/erlang/otp/security/advisories/GHSA-hwfc-5hf4-gvr3
- https://github.com/erlang/otp/security/advisories/GHSA-gf6r-99xw-6qg6
- https://github.com/erlang/otp/security/advisories/GHSA-7wp4-pc27-2vj9
- https://github.com/erlang/otp/security/advisories/GHSA-p2m2-3c2w-8jp8
- https://github.com/erlang/otp/security/advisories/GHSA-h9pw-h5w4-h976