Unknown · Erlang/Otp · CVE-2026-42789
**Name of the Vulnerable Software and Affected Versions**
Erlang OTP versions 17.0 through 26.2.5.20
Erlang OTP versions 27.x prior to 27.3.4.12
Erlang OTP versions 28.x prior to 28.5.0.1
Erlang OTP versions 29.x prior to 29.0.1
public key versions 0.22 through 1.15.1.6
public key versions 1.17.x prior to 1.17.1.3
public key versions 1.20.x prior to 1.20.3.1
public key versions 1.21.x prior to 1.21.1
**Description**
Improper following of a certificate's chain of trust in the `pubkey cert` module allows a non-CA certificate to be accepted as an intermediate issuer, enabling certificate chain forgery. The function `pubkey cert:validate extensions/7` contains flaws where a certificate with `basicConstraints` set to `cA:false` and no `keyUsage` extension can be used as an intermediate issuer in a chain passed to `public key:pkix path validation/3`. This occurs because the `cA:false` clause does not reject the certificate when it is in the issuer position, and the `keyUsage` check is bypassed if the extension is entirely absent. Consequently, an attacker with an end-entity certificate issued by a trusted CA can sign forged leaf certificates for arbitrary identities. This affects all TLS or mTLS endpoints built on the OTP ssl application using the default verifier, including client-side server identity verification and mTLS server client certificate verification.
**Recommendations**
Update Erlang OTP to version 26.2.5.21, 27.3.4.12, 28.5.0.1, or 29.0.1 depending on the current release branch.
Update public key to version 1.15.1.7, 1.17.1.3, 1.20.3.1, or 1.21.1 depending on the current release branch.
Use the `verify fun` option in the ssl or public key application to ensure path validation rejects chains where an intermediate certificate lacks `basicConstraints cA:true`.