CVE-2022-37026 — CVSS 9.8 (critical): In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Authentication Bypass in certain…
CVE-2026-28808 — CVSS 9.8 (critical): Incorrect Authorization vulnerability in Erlang OTP (inets modules) allows unauthenticated access to CGI scripts protected by directory…
CVE-2016-10253 — CVSS 9.8 (critical): An issue was discovered in Erlang/OTP 18.x. Erlang's generation of compiled regular expressions is vulnerable to a heap overflow. Regular…
CVE-2026-49759 — CVSS 8.2 (high): Stack-based Buffer Overflow vulnerability in Erlang OTP erts (inet_drv) allows an unauthenticated remote attacker to crash the BEAM VM by…
CVE-2026-42790 — CVSS 8.1 (high): Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_cert and public_key modules) allows a DNS nameConstraints…
CVE-2011-0766 — CVSS 7.8 (high): The random number generator in the Crypto application before 2.0.2.2, and SSH before 2.0.5, as used in the Erlang/OTP ssh library before…
CVE-2026-55952 — CVSS 7.5 (high): The Erlang/OTP ssl application does not validate that the PSK identity list and binder list carried in a TLS 1.3 ClientHello pre-shared key…
CVE-2014-1693 — CVSS 7.5 (high): Multiple CRLF injection vulnerabilities in the FTP module in Erlang/OTP R15B03 allow context-dependent attackers to inject arbitrary FTP…
CVE-2020-25623 — CVSS 7.5 (high): Erlang/OTP 22.3.x before 22.3.4.6 and 23.x before 23.1 allows Directory Traversal. An attacker can send a crafted HTTP request to read…
CVE-2020-35733 — CVSS 7.5 (high): An issue was discovered in Erlang/OTP before 23.2.2. The ssl application 10.2 accepts and trusts an invalid X.509 certificate chain to a…
CVE-2021-29221 — CVSS 7.0 (high): A local privilege escalation vulnerability was discovered in Erlang/OTP prior to version 23.2.3. By adding files to an existing…
CVE-2026-48860 — CVSS 6.5 (medium): Reliance on IP Address for Authentication vulnerability in Erlang/OTP ssl (inet_tls_dist module) allows unauthenticated bypass of the…
CVE-2026-48855 — CVSS 6.5 (medium): Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Erlang OTP ssh (ssh_sftpd module) allows File Discovery. The…
CVE-2026-48858 — CVSS 6.5 (medium): Server-Side Request Forgery (SSRF) vulnerability in Erlang/OTP ftp (ftp_internal module) allows FTP bounce attacks and SSRF via an…
CVE-2026-48856 — CVSS 6.5 (medium): Sensitive Data Exposure vulnerability in Erlang OTP inets (httpc_response module) allows Retrieve Embedded Sensitive Data. The httpc client…
CVE-2016-1000107 — CVSS 6.1 (medium): inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of…
CVE-2015-2774 — CVSS 5.9 (medium): Erlang/OTP before 18.0-rc1 does not properly check CBC padding bytes when terminating connections, which makes it easier for…
CVE-2017-1000385 — CVSS 5.9 (medium): The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 1.5 padding. This allows an…
CVE-2026-55950 — CVSS 5.9 (medium): Time-of-check Time-of-use (TOCTOU) race condition vulnerability in Erlang/OTP ssl (dtls_packet_demux module) allows an unauthenticated…
CVE-2023-48795 — CVSS 5.9 (medium): The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to…
CVE-2026-49760 — CVSS 5.5 (medium): Stack-based Buffer Overflow vulnerability in Erlang OTP (erl_interface) allows Stack-based Buffer Overflow. This vulnerability is…
CVE-2026-23942 — CVSS 5.4 (medium): Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (ssh_sftpd module) allows Path…
CVE-2026-23943 — CVSS 5.3 (medium): Improper Handling of Highly Compressed Data (Compression Bomb) vulnerability in Erlang OTP ssh (ssh_transport modules) allows Denial of…
CVE-2026-42789 — CVSS 4.8 (medium): Improper Following of a Certificate's Chain of Trust vulnerability in Erlang OTP public_key (pubkey_cert module) allows a non-CA…
CVE-2026-54887 — CVSS 4.8 (medium): Use of Default Cryptographic Key vulnerability in Erlang/OTP ssl (DTLS server) allows predictable DTLS cookie computation during the…
CVE-2026-53422 — CVSS 4.3 (medium): Observable Response Discrepancy vulnerability in Erlang OTP ssh (ssh_sftpd module) allows an authenticated SFTP user to enumerate the…
CVE-2026-32147 — CVSS 4.3 (medium): Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP ssh (ssh_sftpd module) allows an…
CVE-2026-54886 — CVSS 4.3 (medium): Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Erlang OTP ssh (ssh_sftpd module) allows an authenticated SFTP user…
CVE-2026-54891 — CVSS 3.7 (low): Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in Erlang/OTP ssl…
CVE-2026-42791 — CVSS 3.7 (low): Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_ocsp module) allows forged OCSP responses signed with an…
CVE-2026-28810 — CVSS 3.7 (low): Generation of Predictable Numbers or Identifiers vulnerability in Erlang/OTP kernel (inet_res, inet_db modules) allows DNS Cache Poisoning…