
OTP — Vulnerabilities & Security Advisories 18

All 18 CVE vulnerabilities found in OTP, with AI-generated Chinese analysis, references, and POCs.

Vendor: erlang

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-32147 | SFTP chroot bypass via path traversal in SSH_FXP_FSETSTAT | CWE-22 | 6.5 (AI) | Medium (AI) | 2026-04-21 |
| CVE-2026-28808 | ScriptAlias CGI targets bypass directory auth in inets httpd (mod_auth vs mod_cgi path mismatch) | CWE-863 | 9.8 (AI) | Critical (AI) | 2026-04-07 |
| CVE-2026-32144 | OCSP designated-responder authorization bypass via missing signature verification | CWE-295 | 5.9 (AI) | Medium (AI) | 2026-04-07 |
| CVE-2026-28810 | Predictable DNS Transaction IDs Enable Cache Poisoning in Built-in Resolver | CWE-340 | 5.0 (AI) | Medium (AI) | 2026-04-07 |
| CVE-2026-23941 | Request smuggling via first-wins Content-Length parsing in inets httpd | CWE-444 | 8.2 | - | 2026-03-13 |
| CVE-2026-23943 | Pre-auth SSH DoS via unbounded zlib inflate | CWE-409 | 7.5 | - | 2026-03-13 |
| CVE-2026-23942 | SFTP root escape via component-agnostic prefix check in ssh_sftpd | CWE-22 | 4.3 | - | 2026-03-13 |
| CVE-2026-21620 | TFTP Path Traversal | CWE-23 | 9.1 (AI) | Critical (AI) | 2026-02-20 |
| CVE-2025-48041 | SSH_FXP_OPENDIR may Lead to Exhaustion of File Handles | CWE-770 | 7.5 (AI) | High (AI) | 2025-09-11 |
| CVE-2025-48040 | Malicious Key Exchange Messages may Lead to Excessive Resource Consumption | CWE-400 | 7.5 (AI) | High (AI) | 2025-09-11 |
| CVE-2025-48039 | Unverified Paths can Cause Excessive Use of System Resources | CWE-770 | 7.5 (AI) | High (AI) | 2025-09-11 |
| CVE-2025-48038 | Unverified File Handles can Cause Excessive Use of System Resources | CWE-770 | 7.5 (AI) | High (AI) | 2025-09-11 |
| CVE-2025-4748 | Absolute path traversal in zip:unzip/1,2 | CWE-22 | 9.1 (AI) | Critical (AI) | 2025-06-16 |
| CVE-2025-46712 | Erlang/OTP SSH Has Strict KEX Violations | CWE-440 | 3.7 | Low | 2025-05-08 |
| CVE-2025-32433 | Erlang/OTP SSH Vulnerable to Pre-Authentication RCE | CWE-306 | 10.0 | Critical | 2025-04-16 |
| CVE-2025-30211 | KEX init error results with excessive memory usage | CWE-789 | 7.5 | High | 2025-03-28 |
| CVE-2025-26618 | SSH SFTP packet size not verified properly in Erlang OTP | CWE-789 | 5.9 | - | 2025-02-20 |
| CVE-2024-53846 | ssl fails to validate incorrect extended key usage | CWE-295 | 5.5 | Medium | 2024-12-05 |

All 18 known CVE vulnerabilities affecting OTP with full Chinese analysis, references, and POCs where available.