OTP public_key

CVEs (2)

• CVE-2026-42790HigMay 27, 2026
  SSH

  SSH
  risk 0.42cvss —epss —

  Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_cert and public_key modules) allows a DNS nameConstraints bypass via subject CommonName fallback in TLS hostname verification. Two flaws combine to allow a subordinate CA whose DNS nameConstraints…

• CVE-2026-42791MedMay 27, 2026
  Erlang

  Otp
  risk 0.34cvss —epss —

  Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_ocsp module) allows forged OCSP responses signed with an expired responder certificate to be accepted as valid. OCSP response verification in pubkey_ocsp:verify_response/5 and…