Erlang OTP Vulnerabilities: CVEs, CISA KEV & Security Advisories

This page aggregates every publicly disclosed vulnerability (CVE) affecting Erlang OTP, with a severity breakdown, the affected and patched versions, the most common weakness types, and the full CVE list.

Affected versions and CVEs

Browse every Erlang OTP version named in a CVE, then pick one to see only the CVEs that affect it.

Specific versions

OTP_17.0-rc118 CVEs
OTP_17.0-rc218 CVEs
OTP_R13B0318 CVEs
OTP_R13B0418 CVEs
OTP_R14A18 CVEs
OTP_R14B18 CVEs
OTP_R14B0118 CVEs
OTP_R14B0218 CVEs
OTP_R14B0318 CVEs
OTP_R15A18 CVEs
OTP_R15B18 CVEs
OTP_R16A_RELEASE_CANDIDATE18 CVEs
OTP_R16B18 CVEs
OTP-17.018 CVEs
OTP-18.018 CVEs
OTP-18.0-rc118 CVEs
OTP-19.017 CVEs
OTP-19.0-rc117 CVEs
OTP-19.0-rc217 CVEs
OTP-20.016 CVEs
OTP-20.0-rc116 CVEs
OTP-20.0-rc216 CVEs
OTP-21.016 CVEs
OTP-21.0-rc116 CVEs
OTP-21.0-rc216 CVEs
OTP-22.016 CVEs
OTP-22.0-rc116 CVEs
OTP-22.0-rc216 CVEs
OTP-22.0-rc316 CVEs
OTP-23.015 CVEs
OTP-23.0-rc115 CVEs
OTP-23.0-rc215 CVEs
OTP-23.0-rc315 CVEs
OTP-24.014 CVEs
OTP-24.0-rc113 CVEs
OTP-24.0-rc213 CVEs
OTP-24.0-rc313 CVEs
OTP-25.013 CVEs
OTP-25.0-rc113 CVEs
OTP-25.0-rc213 CVEs
OTP-25.0-rc313 CVEs
OTP-26.213 CVEs
OTP-26.2.313 CVEs
OTP-26.2.413 CVEs
OTP-26.2.513 CVEs
OTP-26.2.5.113 CVEs
OTP-26.2.5.213 CVEs
OTP-26.2.5.313 CVEs
OTP-26.2.5.413 CVEs
OTP-26.2.5.513 CVEs
OTP-26.2.5.613 CVEs
OTP-27.013 CVEs
OTP-27.113 CVEs
patch-base-2613 CVEs
OTP-26.012 CVEs
OTP-26.0-rc112 CVEs
OTP-26.0-rc212 CVEs
OTP-26.0-rc312 CVEs
OTP-26.112 CVEs
OTP-26.2.5.712 CVEs
OTP-26.2.5.812 CVEs
OTP-26.2.5.912 CVEs
OTP-27.0-rc112 CVEs
OTP-27.0-rc212 CVEs
OTP-27.0-rc312 CVEs
OTP-27.212 CVEs
OTP-27.312 CVEs
OTP-26.2.5.1011 CVEs
OTP-27.3.111 CVEs
OTP-27.3.211 CVEs
OTP-26.2.5.1110 CVEs
OTP-27.3.310 CVEs
OTP_R14B049 CVEs
OTP_R15B019 CVEs
OTP_R15B029 CVEs
OTP_R15B039 CVEs
OTP_R15B03-19 CVEs
OTP_R16B019 CVEs
OTP_R16B01_RC19 CVEs
OTP_R16B029 CVEs
OTP_R16B039 CVEs
OTP_R16B03_yielding_binary_to_term9 CVEs
OTP_R16B03-19 CVEs
OTP-17.0.19 CVEs
OTP-17.0.29 CVEs
OTP-17.19 CVEs
OTP-17.1.19 CVEs
OTP-17.1.29 CVEs
OTP-17.29 CVEs
OTP-17.2.19 CVEs
OTP-17.2.29 CVEs
OTP-17.39 CVEs
OTP-17.3.19 CVEs
OTP-17.3.29 CVEs
OTP-17.3.39 CVEs
OTP-17.3.49 CVEs
OTP-17.49 CVEs
OTP-17.4.19 CVEs
OTP-17.59 CVEs
OTP-17.5.19 CVEs
OTP-17.5.29 CVEs
OTP-17.5.39 CVEs
OTP-17.5.49 CVEs
OTP-17.5.59 CVEs
OTP-17.5.69 CVEs
OTP-18.0-rc29 CVEs
OTP-26.2.5.129 CVEs
OTP-27.3.49 CVEs
patch-base-279 CVEs
R16B02_yielding_binary_to_term9 CVEs
OTP-17.5.6.18 CVEs
OTP-17.5.6.28 CVEs
OTP-17.5.6.38 CVEs
OTP-17.5.6.48 CVEs
OTP-17.5.6.58 CVEs
OTP-17.5.6.68 CVEs
OTP-17.5.6.78 CVEs
OTP-17.5.6.88 CVEs
OTP-17.5.6.98 CVEs
OTP-18.0.18 CVEs
OTP-18.0.28 CVEs
OTP-18.0.38 CVEs
OTP-18.18 CVEs
OTP-18.1.18 CVEs
OTP-18.1.28 CVEs
OTP-18.1.38 CVEs
OTP-18.1.48 CVEs
OTP-18.1.58 CVEs
OTP-18.28 CVEs
OTP-18.2.18 CVEs
OTP-18.2.28 CVEs
OTP-18.2.38 CVEs
OTP-18.2.48 CVEs
OTP-18.2.4.0.18 CVEs
OTP-18.2.4.18 CVEs
OTP-18.38 CVEs
OTP-18.3.18 CVEs
OTP-18.3.28 CVEs
OTP-18.3.38 CVEs
OTP-18.3.48 CVEs
OTP-18.3.4.18 CVEs
OTP-18.3.4.28 CVEs
OTP-18.3.4.38 CVEs
OTP-18.3.4.48 CVEs
OTP-18.3.4.58 CVEs
OTP-18.3.4.68 CVEs
OTP-18.3.4.78 CVEs
OTP-19.0.18 CVEs
OTP-19.0.28 CVEs
OTP-19.0.38 CVEs
OTP-19.0.48 CVEs
OTP-19.0.58 CVEs
OTP-19.0.68 CVEs
OTP-19.0.78 CVEs
OTP-19.18 CVEs
OTP-19.1.18 CVEs
OTP-19.1.28 CVEs
OTP-19.1.38 CVEs
OTP-19.1.48 CVEs
OTP-19.1.58 CVEs
OTP-19.1.68 CVEs
OTP-19.1.6.18 CVEs
OTP-19.28 CVEs
OTP-19.2.18 CVEs
OTP-19.2.28 CVEs
OTP-19.2.38 CVEs
OTP-19.38 CVEs
OTP-19.3.18 CVEs
OTP-19.3.28 CVEs
OTP-19.3.38 CVEs
OTP-19.3.48 CVEs
OTP-19.3.58 CVEs
OTP-19.3.68 CVEs
OTP-19.3.6.18 CVEs
OTP-19.3.6.28 CVEs
OTP-19.3.6.38 CVEs
OTP-19.3.6.48 CVEs
OTP-26.2.5.138 CVEs
OTP-26.2.5.148 CVEs
OTP-17.5.6.107 CVEs
OTP-18.3.4.1.17 CVEs
OTP-18.3.4.107 CVEs
OTP-18.3.4.117 CVEs
OTP-18.3.4.87 CVEs
OTP-18.3.4.97 CVEs
OTP-19.2.3.17 CVEs
OTP-19.3.6.107 CVEs
OTP-19.3.6.117 CVEs
OTP-19.3.6.127 CVEs
OTP-19.3.6.137 CVEs
OTP-19.3.6.57 CVEs
OTP-19.3.6.67 CVEs
OTP-19.3.6.77 CVEs
OTP-19.3.6.87 CVEs
OTP-19.3.6.97 CVEs
OTP-20.0.17 CVEs
OTP-20.0.27 CVEs
OTP-20.0.37 CVEs
OTP-20.0.47 CVEs
OTP-20.0.57 CVEs
OTP-20.17 CVEs
OTP-20.1.17 CVEs
OTP-20.1.27 CVEs
OTP-20.1.37 CVEs
OTP-20.1.47 CVEs
OTP-20.1.57 CVEs
OTP-20.1.67 CVEs
OTP-20.1.77 CVEs
OTP-20.1.7.17 CVEs
OTP-20.27 CVEs
OTP-20.2.0.17 CVEs
OTP-20.2.17 CVEs
OTP-20.2.27 CVEs
OTP-20.2.37 CVEs
OTP-20.2.47 CVEs
OTP-20.37 CVEs
OTP-20.3.17 CVEs
OTP-20.3.27 CVEs
OTP-20.3.2.17 CVEs
OTP-20.3.37 CVEs
OTP-20.3.47 CVEs
OTP-20.3.57 CVEs
OTP-20.3.67 CVEs
OTP-20.3.77 CVEs
OTP-20.3.87 CVEs
OTP-20.3.8.17 CVEs
OTP-20.3.8.107 CVEs
OTP-20.3.8.117 CVEs
OTP-20.3.8.127 CVEs
OTP-20.3.8.137 CVEs
OTP-20.3.8.147 CVEs
OTP-20.3.8.157 CVEs
OTP-20.3.8.167 CVEs
OTP-20.3.8.177 CVEs
OTP-20.3.8.187 CVEs
OTP-20.3.8.197 CVEs
OTP-20.3.8.27 CVEs
OTP-20.3.8.207 CVEs
OTP-20.3.8.217 CVEs
OTP-20.3.8.227 CVEs
OTP-20.3.8.37 CVEs
OTP-20.3.8.47 CVEs
OTP-20.3.8.57 CVEs
OTP-20.3.8.67 CVEs
OTP-20.3.8.77 CVEs
OTP-20.3.8.87 CVEs
OTP-20.3.8.97 CVEs
OTP-21.0.17 CVEs
OTP-21.0.27 CVEs
OTP-21.0.37 CVEs
OTP-21.0.47 CVEs
OTP-21.0.57 CVEs
OTP-21.0.67 CVEs
OTP-21.0.77 CVEs
OTP-21.0.87 CVEs
OTP-21.0.97 CVEs
OTP-21.17 CVEs
OTP-21.1.17 CVEs
OTP-21.1.27 CVEs
OTP-21.1.37 CVEs
OTP-21.1.47 CVEs
OTP-21.27 CVEs
OTP-21.2.17 CVEs
OTP-21.2.27 CVEs
OTP-21.2.37 CVEs
OTP-21.2.47 CVEs
OTP-21.2.57 CVEs
OTP-21.2.67 CVEs
OTP-21.2.77 CVEs
OTP-21.37 CVEs
OTP-21.3.17 CVEs
OTP-21.3.27 CVEs
OTP-21.3.37 CVEs
OTP-21.3.47 CVEs
OTP-21.3.57 CVEs
OTP-21.3.67 CVEs
OTP-21.3.77 CVEs
OTP-21.3.7.17 CVEs
OTP-21.3.87 CVEs
OTP-21.3.8.17 CVEs
OTP-21.3.8.27 CVEs
OTP-21.3.8.37 CVEs
OTP-21.3.8.47 CVEs
OTP-21.3.8.57 CVEs
OTP-21.3.8.67 CVEs
OTP-21.3.8.77 CVEs
OTP-22.0.17 CVEs
OTP-22.0.27 CVEs
OTP-22.0.37 CVEs
OTP-22.0.47 CVEs
OTP-22.0.57 CVEs
OTP-22.0.67 CVEs
OTP-22.0.77 CVEs
OTP-22.17 CVEs
OTP-22.37 CVEs
OTP-22.3.17 CVEs
OTP-22.3.27 CVEs
OTP-22.3.37 CVEs
OTP-22.3.47 CVEs
OTP-22.3.4.17 CVEs
OTP-22.3.4.27 CVEs
OTP-22.3.4.37 CVEs
OTP-22.3.4.47 CVEs
OTP-22.3.4.57 CVEs
OTP-20.3.8.236 CVEs
OTP-20.3.8.246 CVEs
OTP-20.3.8.256 CVEs
OTP-20.3.8.266 CVEs
OTP-21.3.8.106 CVEs
OTP-21.3.8.116 CVEs
OTP-21.3.8.126 CVEs
OTP-21.3.8.136 CVEs
OTP-21.3.8.146 CVEs
OTP-21.3.8.156 CVEs
OTP-21.3.8.166 CVEs
OTP-21.3.8.176 CVEs
OTP-21.3.8.186 CVEs
OTP-21.3.8.86 CVEs
OTP-21.3.8.96 CVEs
OTP-22.1.16 CVEs
OTP-22.1.26 CVEs
OTP-22.1.36 CVEs
OTP-22.1.46 CVEs
OTP-22.1.56 CVEs
OTP-22.1.66 CVEs
OTP-22.1.76 CVEs
OTP-22.1.86 CVEs
OTP-22.1.8.16 CVEs
OTP-22.26 CVEs
OTP-22.2.16 CVEs
OTP-22.2.26 CVEs
OTP-22.2.36 CVEs
OTP-22.2.46 CVEs
OTP-22.2.56 CVEs
OTP-22.2.66 CVEs
OTP-22.2.76 CVEs
OTP-22.2.86 CVEs
OTP-22.3.4.106 CVEs
OTP-22.3.4.116 CVEs
OTP-22.3.4.126 CVEs
OTP-22.3.4.136 CVEs
OTP-22.3.4.66 CVEs
OTP-22.3.4.76 CVEs
OTP-22.3.4.86 CVEs
OTP-22.3.4.96 CVEs
OTP-23.0.16 CVEs
OTP-23.0.26 CVEs
OTP-23.0.36 CVEs
OTP-23.0.46 CVEs
OTP-23.16 CVEs
OTP-23.1.16 CVEs
OTP-23.1.26 CVEs
OTP-23.1.36 CVEs
OTP-23.1.46 CVEs
OTP-23.1.56 CVEs
OTP-23.26 CVEs
OTP-23.2.16 CVEs
OTP-21.3.8.245 CVEs
OTP-22.3.4.195 CVEs
OTP-22.3.4.205 CVEs
OTP-22.3.4.215 CVEs
OTP-22.3.4.225 CVEs
OTP-22.3.4.235 CVEs
OTP-22.3.4.245 CVEs
OTP-23.1.4.15 CVEs
OTP-23.2.25 CVEs
OTP-23.2.7.45 CVEs
OTP-23.3.4.15 CVEs
OTP-23.3.4.105 CVEs
OTP-23.3.4.115 CVEs
OTP-23.3.4.125 CVEs
OTP-23.3.4.135 CVEs
OTP-23.3.4.145 CVEs
OTP-23.3.4.25 CVEs
OTP-23.3.4.35 CVEs
OTP-23.3.4.45 CVEs
OTP-23.3.4.55 CVEs
OTP-23.3.4.65 CVEs
OTP-23.3.4.75 CVEs
OTP-23.3.4.85 CVEs
OTP-23.3.4.95 CVEs
OTP-24.0.15 CVEs
OTP-24.0.25 CVEs
OTP-24.0.35 CVEs
OTP-24.0.45 CVEs
OTP-24.0.55 CVEs
OTP-24.0.65 CVEs
OTP-24.15 CVEs
OTP-24.1.15 CVEs
OTP-24.1.25 CVEs
OTP-24.1.35 CVEs
OTP-24.1.45 CVEs
OTP-24.1.55 CVEs
OTP-24.1.65 CVEs
OTP-24.1.75 CVEs
OTP-24.25 CVEs
OTP-24.2.15 CVEs
OTP-24.2.25 CVEs
OTP-24.35 CVEs
OTP-24.3.15 CVEs
OTP-24.3.25 CVEs
OTP-24.3.35 CVEs
OTP-24.3.45 CVEs
OTP-24.3.4.15 CVEs
OTP-25.3.2.105 CVEs
OTP-25.3.2.115 CVEs
OTP-25.3.2.125 CVEs
OTP-25.3.2.135 CVEs
OTP-25.3.2.145 CVEs
OTP-25.3.2.155 CVEs
OTP-25.3.2.165 CVEs
OTP-25.3.2.85 CVEs
OTP-25.3.2.95 CVEs
OTP-28.05 CVEs
OTP-28.0-rc15 CVEs
OTP-28.0-rc25 CVEs
OTP-28.0-rc35 CVEs
OTP-28.0-rc45 CVEs
patch-base-245 CVEs
OTP-21.3.8.194 CVEs
OTP-21.3.8.204 CVEs
OTP-21.3.8.214 CVEs
OTP-21.3.8.224 CVEs
OTP-21.3.8.234 CVEs
OTP-22.3.4.12.14 CVEs
OTP-22.3.4.144 CVEs
OTP-22.3.4.154 CVEs
OTP-22.3.4.164 CVEs
OTP-22.3.4.174 CVEs
OTP-22.3.4.184 CVEs
OTP-22.3.4.254 CVEs
OTP-22.3.4.264 CVEs
OTP-23.2.34 CVEs
OTP-23.2.44 CVEs
OTP-23.2.54 CVEs
OTP-23.2.64 CVEs
OTP-23.2.74 CVEs
OTP-23.2.7.14 CVEs
OTP-23.2.7.24 CVEs
OTP-23.2.7.34 CVEs
OTP-23.2.7.54 CVEs
OTP-23.34 CVEs
OTP-23.3.14 CVEs
OTP-23.3.24 CVEs
OTP-23.3.34 CVEs
OTP-23.3.44 CVEs
OTP-23.3.4.154 CVEs
OTP-23.3.4.164 CVEs
OTP-23.3.4.174 CVEs
OTP-23.3.4.184 CVEs
OTP-24.3.4.154 CVEs
OTP-24.3.4.164 CVEs
OTP-24.3.4.24 CVEs
OTP-24.3.4.34 CVEs
OTP-24.3.4.44 CVEs
OTP-24.3.4.54 CVEs
OTP-24.3.4.64 CVEs
OTP-24.3.4.74 CVEs
OTP-24.3.4.84 CVEs
OTP-24.3.4.94 CVEs
OTP-25.0.14 CVEs
OTP-25.0.24 CVEs
OTP-25.0.34 CVEs
OTP-25.0.44 CVEs
OTP-25.14 CVEs
OTP-25.1.14 CVEs
OTP-25.1.24 CVEs
OTP-25.1.2.14 CVEs
OTP-25.24 CVEs
OTP-25.2.14 CVEs
OTP-25.2.24 CVEs
OTP-25.2.34 CVEs
OTP-25.34 CVEs
OTP-25.3.14 CVEs
OTP-25.3.24 CVEs
OTP-25.3.2.14 CVEs
OTP-25.3.2.174 CVEs
OTP-25.3.2.24 CVEs
OTP-25.3.2.34 CVEs
OTP-25.3.2.44 CVEs
OTP-25.3.2.54 CVEs
OTP-25.3.2.64 CVEs
OTP-25.3.2.74 CVEs
OTP-26.2.14 CVEs
OTP-26.2.24 CVEs
OTP-26.2.5.154 CVEs
OTP-26.2.5.164 CVEs
OTP-27.0.14 CVEs
OTP-27.1.14 CVEs
OTP-27.1.24 CVEs
OTP-27.1.34 CVEs
OTP-27.3.4.14 CVEs
OTP-27.3.4.24 CVEs
OTP-27.3.4.34 CVEs
OTP-27.3.4.44 CVEs
OTP-27.3.4.54 CVEs
OTP-27.3.4.64 CVEs
OTP-27.3.4.74 CVEs
OTP-28.14 CVEs
patch-base-254 CVEs
OTP-22.3.4.273 CVEs
OTP-23.3.4.193 CVEs
OTP-23.3.4.203 CVEs
OTP-24.3.4.103 CVEs
OTP-24.3.4.113 CVEs
OTP-24.3.4.123 CVEs
OTP-24.3.4.133 CVEs
OTP-24.3.4.143 CVEs
OTP-24.3.4.173 CVEs
OTP-25.3.2.183 CVEs
OTP-26.0.13 CVEs
OTP-26.0.23 CVEs
OTP-26.1.13 CVEs
OTP-26.1.23 CVEs
OTP-26.2.5.173 CVEs
OTP-27.2.13 CVEs
OTP-27.2.23 CVEs
OTP-27.2.33 CVEs
OTP-27.2.43 CVEs
OTP-27.3.4.83 CVEs
OTP-28.43 CVEs
OTP-25.3.2.192 CVEs
< OTP 25.3.2.211 CVE
< OTP-25.3.2.181 CVE
< OTP-25.3.2.191 CVE
< OTP-25.3.2.201 CVE
< OTP-26.2.5.101 CVE
< OTP-27.3.11 CVE
>= 25.3.2.8, <= 25.3.2.161 CVE
>= 26.2, <= 26.2.5.61 CVE
>= 27.0, <= 27.1.31 CVE
>= OTP 26.2.1, < OTP 26.2.5.121 CVE
>= OTP 27.0, < OTP 27.3.41 CVE
>= OTP-26.0-rc1, < OTP-26.2.5.111 CVE
>= OTP-26.0.0.0, < OTP-26.2.5.91 CVE
>= OTP-27.0-rc1, < OTP-27.3.31 CVE
>= OTP-27.0.0, < OTP-27.2.41 CVE
OTP-25.3.2.201 CVE
OTP-28.31 CVE
OTP-28.3.11 CVE

Fixed in

26.2.5.154 CVEs
27.3.4.34 CVEs
28.0.34 CVEs
5.1.4.124 CVEs
5.2.11.34 CVEs
5.3.34 CVEs
1.17.1.33 CVEs
1.20.3.13 CVEs
1.21.13 CVEs
26.2.5.183 CVEs
27.3.4.103 CVEs
27.3.4.123 CVEs
27.3.4.93 CVEs
28.4.13 CVEs

Default status

All versions1 CVE

Find a version

28 CVEs

Sort

nameConstraints DNS bypass via subject CommonName fallback in public_key hostname verification
CVE-2026-42790
Patch
Workaround
CWE-295
High · CVSS 7.6
EPSS 0.0% (6th pct)2026-05-27
OCSP responder certificate validity period not checked in public_key
CVE-2026-42791
Patch
Workaround
CWE-295
Medium · CVSS 6.3
EPSS 0.1% (16th pct)2026-05-27
Non-CA certificate accepted as intermediate issuer in public_key path validation
CVE-2026-42789
Patch
Workaround
CWE-296
High · CVSS 7.0
EPSS 0.0% (11th pct)2026-05-27
SFTP chroot bypass via path traversal in SSH_FXP_FSETSTAT
CVE-2026-32147
Patch
Workaround
CWE-22
Medium · CVSS 5.3
EPSS 0.0% (5th pct)2026-04-21
ScriptAlias CGI targets bypass directory auth in inets httpd (mod_auth vs mod_cgi path mismatch)
CVE-2026-28808
Patch
Workaround
CWE-863
High · CVSS 8.3
EPSS 0.0% (11th pct)2026-04-07
OCSP designated-responder authorization bypass via missing signature verification
CVE-2026-32144
Patch
Workaround
CWE-295
High · CVSS 7.6
EPSS 0.0% (12th pct)2026-04-07
Predictable DNS Transaction IDs Enable Cache Poisoning in Built-in Resolver
CVE-2026-28810
Patch
Workaround
CWE-340
Medium · CVSS 6.3
EPSS 0.0% (15th pct)2026-04-07
Request smuggling via first-wins Content-Length parsing in inets httpd
CVE-2026-23941
Patch
Workaround
CWE-444
High · CVSS 7.0
EPSS 0.0% (10th pct)2026-03-13
Pre-auth SSH DoS via unbounded zlib inflate
CVE-2026-23943
Patch
Workaround
CWE-409
Medium · CVSS 6.9
EPSS 0.1% (20th pct)2026-03-13
SFTP root escape via component-agnostic prefix check in ssh_sftpd
CVE-2026-23942
Patch
Workaround
CWE-22
Medium · CVSS 5.3
EPSS 0.0% (12th pct)2026-03-13
TFTP Path Traversal
CVE-2026-21620
Patch
CWE-23
Low · CVSS 2.3
EPSS 0.0% (12th pct)2026-02-20
SSH_FXP_OPENDIR may Lead to Exhaustion of File Handles
CVE-2025-48041
Patch
Workaround
CWE-400
High · CVSS 7.1
EPSS 0.2% (44th pct)2025-09-11
Malicious Key Exchange Messages may Lead to Excessive Resource Consumption
CVE-2025-48040
Patch
Workaround
CWE-400
Medium · CVSS 6.9
EPSS 0.2% (44th pct)2025-09-11
Unverified Paths can Cause Excessive Use of System Resources
CVE-2025-48039
Patch
Workaround
CWE-400
Medium · CVSS 5.3
EPSS 0.2% (44th pct)2025-09-11
Unverified File Handles can Cause Excessive Use of System Resources
CVE-2025-48038
Patch
Workaround
CWE-400
Medium · CVSS 5.3
EPSS 0.2% (44th pct)2025-09-11
Absolute path traversal in zip:unzip/1,2
CVE-2025-4748
Patch
Workaround
CWE-22
Medium · CVSS 4.8
EPSS 0.4% (59th pct)2025-06-16
Erlang/OTP SSH Has Strict KEX Violations
CVE-2025-46712
Patch
CWE-440
Low · CVSS 3.7
EPSS 0.4% (61th pct)2025-05-08
Erlang/OTP SSH Vulnerable to Pre-Authentication RCE
CVE-2025-32433
CISA KEV
Public exploit
Patch
CWE-306
Added to CISA KEV 2025-06-09
Critical · CVSS 10.0
EPSS 62.6% (98th pct)2025-04-16
KEX init error results with excessive memory usage
CVE-2025-30211
Patch
CWE-789
High · CVSS 7.5
EPSS 0.2% (36th pct)2025-03-28
SSH SFTP packet size not verified properly in Erlang OTP
CVE-2025-26618
Patch
CWE-789
High · CVSS 7.0
EPSS 0.4% (63th pct)2025-02-20
Medium vulnerability · 2024-12-05
CVE-2024-53846
Public exploit
Patch
CWE-295
Medium · CVSS 5.5
EPSS 0.1% (18th pct)2024-12-05
Critical vulnerability · 2022-09-21
CVE-2022-37026
Patch
Critical · CVSS 9.8
EPSS 0.2% (42th pct)2022-09-21
Vulnerability · 2021-04-09
CVE-2021-29221
Patch
Unscored
EPSS 0.0% (12th pct)2021-04-09
Vulnerability · 2021-01-15
CVE-2020-35733
Patch
Unscored
EPSS 0.2% (38th pct)2021-01-15
Vulnerability · 2020-10-02
CVE-2020-25623
Patch
Unscored
EPSS 0.9% (77th pct)2020-10-02
Vulnerability · 2019-12-10
CVE-2016-1000107
Unscored
EPSS 0.4% (61th pct)2019-12-10
Vulnerability · 2017-12-12
CVE-2017-1000385
Unscored
EPSS 83.3% (99th pct)2017-12-12
Vulnerability · 2017-03-18
CVE-2016-10253
Unscored
EPSS 0.3% (51th pct)2017-03-18

Erlang OTP Vulnerabilities

Overview

Severity and exploitation

Affected versions and CVEs

Specific versions

Fixed in

Default status

Common weakness types

Disclosure activity by year

Other Erlang products

Frequently asked questions

How many CVEs does Erlang OTP have?

How many Erlang OTP CVEs are in CISA KEV?

Are there public exploits for Erlang OTP vulnerabilities?

Which versions of Erlang OTP are affected?

What are the most common weakness types in Erlang OTP CVEs?

How many critical Erlang OTP vulnerabilities are there?

What is the average severity of Erlang OTP CVEs?

References

Track Erlang OTP vulnerabilities