CVE-2026-42790

Name of the Vulnerable Software and Affected Versions Erlang OTP versions 19.3 through 26.2.5.20 Erlang OTP versions 26.2.5.21 through 27.3.4.11 Erlang OTP versions 27.3.4.12 through 28.5.0.0 Erlang OTP versions 28.5.0.1 through 29.0.0 public key versions 1.4 through 1.15.1.6 public key versions 1.15.1.7 through 1.17.1.2 public key versions 1.17.1.3 through 1.20.3.0 public key versions 1.20.3.1 through 1.21.0

Description Improper certificate validation in the pubkey cert and public key modules allows a DNS nameConstraints bypass during TLS hostname verification. This occurs because pubkey cert:validate names/6 only checks Subject Alternative Name (SAN) DNS entries against nameConstraints, meaning certificates without a SAN trivially satisfy permitted DNS constraints. Simultaneously, public key:pkix verify hostname/3 falls back to the subject CommonName when no SAN is present, matching it against the reference hostname. This combination allows a subordinate CA with restricted DNS nameConstraints to issue a leaf certificate that an OTP TLS client accepts for an out-of-scope hostname. This bypass is reachable via ssl:connect using verify peer, a trusted CA, SNI, and the strict https hostname matcher.

Recommendations Update Erlang OTP to version 26.2.5.21, 27.3.4.12, 28.5.0.1, or 29.0.1 depending on the current release branch. Update public key to version 1.15.1.7, 1.17.1.3, 1.20.3.1, or 1.21.1 depending on the current release branch. Use the verify fun option in the ssl application to ensure TLS connections fail if the end-entity certificate lacks the subjectAltName extension or a domain name, ensuring the verify fun does not accept the name not permitted error.