Erlang
This hub aggregates every CVE we track for Erlang, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
17
CVEs tracked
2
Critical
4
High
0
In CISA KEV
Severity distribution
MEDIUM10HIGH4CRITICAL2LOW1
Monthly trend
0
0
0
0
1
0
1
1
0
1
1
0
0
4
0
0
0
0
0
3
0
0
0
0
2024-082026-07
Latest CVEs
The 15 most recently published vulnerabilities affecting Erlang.
- CVE-2026-23941Request smuggling via first-wins Content-Length parsing in inets httpd9.4
- CVE-2026-23943Pre-auth SSH DoS via unbounded zlib inflate5.3
- CVE-2026-23942SFTP root escape via component-agnostic prefix check in ssh_sftpd5.4
- CVE-2025-48041SSH_FXP_OPENDIR may Lead to Exhaustion of File Handles4.3
- CVE-2025-48040Malicious Key Exchange Messages may Lead to Excessive Resource Consumption5.3
- CVE-2025-48039Unverified Paths can Cause Excessive Use of System Resources4.3
- CVE-2025-48038Unverified File Handles can Cause Excessive Use of System Resources4.3
- CVE-2025-4748Absolute path traversal in zip:unzip/1,24.4
- CVE-2025-46712Erlang/OTP SSH Has Strict KEX Violations3.7
- CVE-2025-30211KEX init error results with excessive memory usage7.5
- CVE-2025-26618SSH SFTP packet size not verified properly in Erlang OTP6.5
- CVE-2024-53846ssl fails to validate incorrect extened key usage5.5
- CVE-2022-37026In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Authentication Bypass in certain client-certification situations for SSL, TLS, and DTLS.9.8
- CVE-2020-35733An issue was discovered in Erlang/OTP before 23.2.2. The ssl application 10.2 accepts and trusts an invalid X.509 certificate chain to a trusted root Certification Authority.7.5
- CVE-2020-25623Erlang/OTP 22.3.x before 22.3.4.6 and 23.x before 23.1 allows Directory Traversal. An attacker can send a crafted HTTP request to read arbitrary files, if httpd in the inets application is used.7.5
Product normalization is registry-driven with AI assist and human review. How it works