PT-2026-55270 · Unknown · Erlang/Otp

Dan Gudmundsson (+2) · Published 2026-07-02 · Updated 2026-07-02 · CVE-2026-54891

CVSS v4.0: 6.3 (Medium)
Vector: AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
Erlang/OTP versions 17.0 through 29.0.2
Erlang/OTP versions 28.x prior to 28.5.0.3
Erlang/OTP versions 27.x prior to 27.3.4.14
Description
Improper enforcement of message integrity during transmission in the tls_gen_connection module of OTP's ssl application allows a network-positioned attacker to inject unauthenticated plaintext that a TLS client application later treats as authenticated server data. The function handle_protocol_record() fails to reject APPLICATION_DATA records that arrive in pre-handshake states when the endpoint acts as a client. An attacker who can write into the TCP stream can therefore send plaintext APPLICATION_DATA records while the handshake is still in progress; these records are buffered and, once the handshake completes, delivered to the application as if they were protected post-handshake data. The injection is blind: the attacker does not need the session keys and sees no response, but can place arbitrary bytes ahead of the genuine server data. The injection window is wider for TLS versions prior to TLS 1.3 than for TLS 1.3.
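The client-side behaviour described above, as an added Python model that is not Erlang/OTP code and not part of this advisory: a minimal TLS record parser feeds a client state machine which, in its vulnerable mode, buffers plaintext APPLICATION_DATA received before the handshake finishes and releases it to the application afterwards, and in its fixed mode answers such a record with an unexpected_message alert. The class, flag and state names (TlsClientModel, strict, hello/wait_finished/connection) and the byte streams are this example's own constructions; record protection and decryption are omitted, so a post-handshake APPLICATION_DATA record stands in for a decrypted, integrity-checked one.

```python
# Added model of a TLS client record dispatcher (not Erlang/OTP code).
# Vulnerable mode: plaintext APPLICATION_DATA seen during the handshake is
# queued and handed to the application once the handshake completes.
# Fixed mode: such a record is rejected with an unexpected_message alert.
import struct
from dataclasses import dataclass, field

# TLS record-layer content types (RFC 5246 / RFC 8446).
CHANGE_CIPHER_SPEC, ALERT, HANDSHAKE, APPLICATION_DATA = 20, 21, 22, 23
# Handshake message types the model reacts to.
SERVER_HELLO, FINISHED = 2, 20


@dataclass
class Record:
    content_type: int
    version: tuple
    fragment: bytes


def encode_record(content_type: int, fragment: bytes, version=(3, 3)) -> bytes:
    """5-byte record header (type, version, length) followed by the fragment."""
    return struct.pack("!BBBH", content_type, version[0], version[1], len(fragment)) + fragment


def parse_records(stream: bytes) -> list:
    """Split a byte stream into records; refuse truncated headers or bodies."""
    records, offset = [], 0
    while offset < len(stream):
        if len(stream) - offset < 5:
            raise ValueError("truncated record header")
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, offset)
        offset += 5
        if len(stream) - offset < length:
            raise ValueError("truncated record body")
        records.append(Record(ctype, (major, minor), stream[offset:offset + length]))
        offset += length
    return records


class AlertError(Exception):
    """Stands in for sending a fatal alert and closing the connection."""


@dataclass
class TlsClientModel:
    strict: bool                                   # True = fixed, False = vulnerable
    state: str = "hello"                           # hello -> wait_finished -> connection
    pending: list = field(default_factory=list)    # plaintext the bug queues pre-handshake
    delivered: list = field(default_factory=list)  # what the application receives

    def handle_protocol_record(self, rec: Record) -> None:
        if self.state == "connection":
            if rec.content_type == APPLICATION_DATA:
                self.delivered.append(rec.fragment)  # protected data in a real stack
            return
        # Everything below runs in a pre-handshake state.
        if rec.content_type == HANDSHAKE:
            msg_type = rec.fragment[0]
            if msg_type == SERVER_HELLO:
                self.state = "wait_finished"
            elif msg_type == FINISHED:
                self.state = "connection"
                # Vulnerable path: bytes queued during the handshake are
                # released to the application as if they had been protected.
                self.delivered.extend(self.pending)
                self.pending.clear()
            return
        if rec.content_type == APPLICATION_DATA:
            if self.strict:
                raise AlertError("unexpected_message: APPLICATION_DATA before handshake completion")
            self.pending.append(rec.fragment)  # vulnerable: silently buffered
            return
        if rec.content_type in (CHANGE_CIPHER_SPEC, ALERT):
            return  # not modelled further
        raise AlertError("unexpected_message: content type %d" % rec.content_type)


def run_client(stream: bytes, strict: bool) -> list:
    """Feed a server->client byte stream through the model; return delivered data."""
    client = TlsClientModel(strict=strict)
    for rec in parse_records(stream):
        client.handle_protocol_record(rec)
    return client.delivered


# Constructed streams. Handshake bodies are placeholders; only the first byte
# (the handshake message type) matters to the model.
def attack_stream() -> bytes:
    return b"".join([
        encode_record(HANDSHAKE, bytes([SERVER_HELLO]) + b"\x00" * 3),
        encode_record(APPLICATION_DATA, b"INJECTED "),        # attacker, plaintext
        encode_record(HANDSHAKE, bytes([FINISHED]) + b"\x00" * 3),
        encode_record(APPLICATION_DATA, b"HTTP/1.1 200 OK"),  # genuine server data
    ])


def clean_stream() -> bytes:
    return b"".join([
        encode_record(HANDSHAKE, bytes([SERVER_HELLO]) + b"\x00" * 3),
        encode_record(HANDSHAKE, bytes([FINISHED]) + b"\x00" * 3),
        encode_record(APPLICATION_DATA, b"HTTP/1.1 200 OK"),
    ])


if __name__ == "__main__":
    print("vulnerable client sees:", run_client(attack_stream(), strict=False))
    try:
        run_client(attack_stream(), strict=True)
    except AlertError as err:
        print("fixed client:", err)
```

Running the block shows the vulnerable client delivering the injected bytes ahead of the genuine response, while the strict client aborts on the out-of-state record and still accepts the clean stream. The model collapses all pre-handshake states into two; in a real stack the set of states in which plaintext can still reach the client is what the advisory's remark about TLS 1.3 versus earlier versions refers to, since TLS 1.3 encrypts everything after ServerHello.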
Recommendations
Update Erlang/OTP to version 29.0.3 or later.
Update Erlang/OTP to version 28.5.0.3 or later (28.x branch).
Update Erlang/OTP to version 27.3.4.14 or later (27.x branch).
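A check an operator can run against the version strings of deployed installs, as an added Python helper that is not part of Erlang/OTP or of this advisory: it encodes the affected range and the three fixed releases listed above and reports whether a given version is affected and which release to move to. It assumes the input is the full version string as found in releases/<major>/OTP_VERSION under the OTP install root (erlang:system_info(otp_release) alone returns only the major number, which is not enough to tell 28.5.0.2 from 28.5.0.3); the function names are this example's own.

```python
# Added helper (not part of Erlang/OTP): classify an OTP version string
# against the fixed releases named in this advisory's Recommendations.
import re

# Fixed release per maintenance branch, as listed in the Recommendations.
FIXED = {27: (27, 3, 4, 14), 28: (28, 5, 0, 3), 29: (29, 0, 3)}
FIRST_AFFECTED = (17, 0)      # lower bound of the affected range
LAST_AFFECTED = (29, 0, 2)    # upper bound for branches without their own fix


def parse_otp_version(text: str) -> tuple:
    """'27.3.4.13\\n' -> (27, 3, 4, 13); anything else is rejected."""
    m = re.fullmatch(r"\s*(\d+(?:\.\d+)*)\s*", text)
    if not m:
        raise ValueError("not an OTP version string: %r" % text)
    return tuple(int(part) for part in m.group(1).split("."))


def is_affected(text: str) -> bool:
    v = parse_otp_version(text)
    if v < FIRST_AFFECTED:
        return False
    fixed = FIXED.get(v[0])
    if fixed is not None:
        return v < fixed          # tuple order: 27.3.4 < 27.3.4.14 < 27.3.5
    return v <= LAST_AFFECTED     # 17.x .. 26.x have no listed fix of their own


def fix_target(text: str) -> str:
    """Fixed release on the same branch, else the 29.0.3 line; None if not affected."""
    if not is_affected(text):
        return None
    target = FIXED.get(parse_otp_version(text)[0], FIXED[29])
    return ".".join(str(p) for p in target)


if __name__ == "__main__":
    # Constructed sample inputs, one per interesting edge.
    for sample in ["27.3.4.13", "27.3.4.14", "28.5", "28.5.0.3", "29.0.2", "26.2.5", "16.3"]:
        print(sample, "affected" if is_affected(sample) else "not affected", fix_target(sample))
```

Versions on the 17 to 26 branches are reported as affected with 29.0.3 as the target, since the advisory lists no backport for them; if a later advisory revision adds one, extend FIXED.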

Fix


Weakness Enumeration

Related Identifiers

CVE-2026-54891
GHSA-GF6R-99XW-6QG6

Affected Products

Erlang/Otp