PT-2026-55269 · Unknown+1 · Erlang/Otp+1

Dan Gudmundsson

+1

·

Published

2026-07-02

·

Updated

2026-07-02

·

CVE-2026-54887

CVSS v4.0

6.3

Medium

VectorAV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions Erlang/OTP versions 20.0 through 29.0.2 Erlang/OTP versions 28.0 through 28.5.0.2 Erlang/OTP versions 27.0 through 27.3.4.13 ssl versions 8.2 through 11.7.2 ssl versions 11.6.0 through 11.6.0.2 ssl versions 11.2.0 through 11.2.12.9
Description Use of a default cryptographic key in the DTLS server allows for predictable DTLS cookie computation during the startup window, which enables the bypass of source address verification. Upon server startup, the function dtls server connection:initial hello/3 initializes the previous cookie secret variable to an empty binary instead of a random value. Since HMAC with an empty key is deterministic, an attacker observing the plaintext ClientHello can compute the dtls handshake:cookie() and forge a valid DTLS cookie before the first secret rotation occurs (typically within 0 to 15 seconds). This allows for DTLS handshake amplification using spoofed source addresses, bypassing the denial-of-service mitigation intended to prevent spoofed IPs from forcing the server to allocate state and perform expensive cryptographic operations.
Recommendations Update Erlang/OTP to version 29.0.3, 28.5.0.3, or 27.3.4.14. Update ssl to version 11.7.3, 11.6.0.3, or 11.2.12.10.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-54887
GHSA-P2M2-3C2W-8JP8

Affected Products

Erlang/Otp
Ssl