PT-2026-55270 · Unknown · Erlang/Otp
Dan Gudmundsson
Published 2026-07-02 · Updated 2026-07-02
CVE-2026-54891
CVSS v4.0: 6.3 (Medium)
| Vector | AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
Erlang/OTP versions 17.0 through 29.0.2
Erlang/OTP versions 28.x prior to 28.5.0.3
Erlang/OTP versions 27.x prior to 27.3.4.14
Description
Improper enforcement of message integrity during transmission in the tls_gen_connection module allows a network-positioned attacker to inject unauthenticated plaintext that a TLS client application later treats as authenticated server data. The function handle_protocol_record() fails to reject APPLICATION_DATA records that arrive in pre-handshake states when the endpoint acts as a client. An attacker can send plaintext APPLICATION_DATA records during the handshake; these are buffered and delivered to the application as authenticated post-handshake data once the handshake completes. The result is blind injection of unauthenticated bytes into the client's received data stream. The injection window is wider for TLS versions prior to TLS 1.3 than for TLS 1.3.
Recommendations
Update Erlang/OTP to version 29.0.3 or later.
Update Erlang/OTP to version 28.5.0.3 or later.
Update Erlang/OTP to version 27.3.4.14 or later.
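The state check that the fix restores, shown as an added example rather than OTP's own (Erlang) code: a small Python model of a client record layer, with the pre-fix buffering behaviour beside the corrected one. Handshake completion is modelled by a plaintext Finished message, and the sample record stream is constructed; both are simplifications for illustration.

```python
import struct

# TLS record content types (RFC 5246 / RFC 8446); FINISHED is a handshake msg type.
HANDSHAKE, APPLICATION_DATA, FINISHED = 22, 23, 20

def parse_records(stream):
    """Split a raw byte stream into (content_type, fragment) tuples."""
    records, pos = [], 0
    while pos < len(stream):
        if len(stream) - pos < 5:
            raise ValueError("truncated record header")
        ctype, _version, length = struct.unpack("!BHH", stream[pos:pos + 5])
        fragment = stream[pos + 5:pos + 5 + length]
        if len(fragment) != length:
            raise ValueError("truncated record fragment")
        records.append((ctype, fragment))
        pos += 5 + length
    return records

def client_receive(stream, reject_early_app_data):
    """Model of a TLS client record layer; returns (delivered_app_bytes, alert).
    reject_early_app_data=False reproduces the pre-fix behaviour (early
    APPLICATION_DATA is buffered, then delivered as if authenticated);
    True refuses it with an unexpected_message alert and delivers nothing."""
    handshake_done = False
    buffered, delivered = bytearray(), bytearray()
    for ctype, fragment in parse_records(stream):
        if ctype == HANDSHAKE:
            # Simplified: a plaintext Finished marks the end of the handshake
            # (real TLS encrypts Finished; only the state transition matters here).
            if fragment[:1] == bytes([FINISHED]):
                handshake_done = True
                delivered += buffered  # this flush is what leaks injected bytes
                buffered.clear()
        elif ctype == APPLICATION_DATA:
            if handshake_done:
                delivered += fragment
            elif reject_early_app_data:
                return bytes(delivered), "unexpected_message"
            else:
                buffered += fragment
    return bytes(delivered), None

def record(ctype, fragment, version=0x0303):
    return struct.pack("!BHH", ctype, version, len(fragment)) + fragment

# Constructed stream: ServerHello stub, a plaintext APPLICATION_DATA record slipped
# in before Finished, then genuine post-handshake data.
SAMPLE_STREAM = (record(HANDSHAKE, b"\x02\x00\x00\x00") + record(APPLICATION_DATA, b"INJECTED ")
                 + record(HANDSHAKE, bytes([FINISHED]) + b"\x00\x00\x00")
                 + record(APPLICATION_DATA, b"real server data"))
```

Running `client_receive(SAMPLE_STREAM, False)` shows the injected bytes delivered ahead of the genuine data; with `True` the stream is refused at the early record.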
Affected Products
Erlang/Otp