CVE-2026-42790
Description
Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_cert and public_key modules) allows a DNS nameConstraints bypass via subject CommonName fallback in TLS hostname verification. Two flaws combine to allow a subordinate CA whose DNS nameConstraints are restricted (e.g. permitted;DNS:allowed.example.com) to issue a leaf certificate that an OTP TLS client accepts as a valid identity for an out-of-scope hostname (e.g. victim.example.com): First, pubkey_cert:validate_names/6 in lib/public_key/src/pubkey_cert.erl only checks SAN DNS entries against nameConstraints. Per RFC 5280, a permitted DNS subtree only restricts certificates that contain a DNS-typed name. A leaf with no subjectAltName therefore trivially satisfies any permitted;DNS:... constraint regardless of its subject commonName. Second, public_key:pkix_verify_hostname/3 in lib/public_key/src/public_key.erl falls back to the subject commonName when no subjectAltName is present, extracting id-at-commonName attributes as presented IDs and matching them against the reference hostname. The strict pkix_verify_hostname_match_fun(https) matcher does not suppress this fallback. The result is that path validation accepts a CN-only leaf under a DNS-constrained intermediate (no SAN means the nameConstraints are not triggered), and hostname verification then accepts it via the CN fallback. The bypass is reachable from stock ssl:connect with verify_peer, a trusted CA, SNI, and the canonical strict https hostname matcher. This issue affects OTP from OTP 19.3 before OTP 26.2.5.21, 27.3.4.12, 28.5.0.1, and 29.0.1 corresponding to public_key from 1.4 before 1.15.1.7, 1.17.1.3, 1.20.3.1, and 1.21.1.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Mitigation details
CVE-2026-42790 NameCVE-2026-42790 DescriptionImproper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_cert and public_key modules) allows a DNS nameConstraints bypass via subject CommonName fallback in TLS hostname verification. Two flaws combine to allow a subordinate CA whose DNS nameConstraints are restricted (e.g. permitted;DNS:allowed.example.com) to issue a leafβ¦
CVE-2026-42790
| Name | CVE-2026-42790 |
| Description | Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_cert and public_key modules) allows a DNS nameConstraints bypass via subject CommonName fallback in TLS hostname verification. Two flaws combine to allow a subordinate CA whose DNS nameConstraints are restricted (e.g. permitted;DNS:allowed.example.com) to issue a leaf certificate that an OTP TLS client accepts as a valid identity for an out-of-scope hostname (e.g. victim.example.com): First, pubkey_cert:validate_names/6 in lib/public_key/src/pubkey_cert.erl only checks SAN DNS entries against nameConstraints. Per RFC 5280, a permitted DNS subtree only restricts certificates that contain a DNS-typed name. A leaf with no subjectAltName therefore trivially satisfies any permitted;DNS:... constraint regardless of its subject commonName. Second, public_key:pkix_verify_hostname/3 in lib/public_key/src/public_key.erl falls back to the subject commonName when no subjectAltName is present, extracting id-at-commonName attributes as presented IDs and matching them against the reference hostname. The strict pkix_verify_hostname_match_fun(https) matcher does not suppress this fallback. The result is that path validation accepts a CN-only leaf under a DNS-constrained intermediate (no SAN means the nameConstraints are not triggered), and hostname verification then accepts it via the CN fallback. The bypass is reachable from stock ssl:connect with verify_peer, a trusted CA, SNI, and the canonical strict https hostname matcher. This issue affects OTP from OTP 19.3 before OTP 26.2.5.21, 27.3.4.12, 28.5.0.1, and 29.0.1 corresponding to public_key from 1.4 before 1.15.1.7, 1.17.1.3, 1.20.3.1, and 1.21.1. |
| Source | CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
Vulnerable and fixed packages
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| erlang (PTS) | bullseye | 1:23.2.6+dfsg-1+deb11u1 | vulnerable |
| bullseye (security) | 1:23.2.6+dfsg-1+deb11u4 | vulnerable | |
| bookworm | 1:25.2.3+dfsg-1+deb12u4 | vulnerable | |
| bookworm (security) | 1:25.2.3+dfsg-1+deb12u1 | vulnerable | |
| trixie | 1:27.3.4.1+dfsg-1+deb13u2 | vulnerable | |
| forky | 1:27.3.4.11+dfsg-7 | vulnerable | |
| sid | 1:27.3.4.12+dfsg-1 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| erlang | source | (unstable) | 1:27.3.4.12+dfsg-1 |
Notes
https://github.com/erlang/otp/security/advisories/GHSA-22cw-4ph4-6447
https://cna.erlef.org/cves/CVE-2026-42790.html
https://osv.dev/vulnerability/EEF-CVE-2026-42790
https://github.com/erlang/otp/commit/0769050c69d73762672b0db1347b6993a5b31759 (OTP-26.2.5.21)
https://github.com/erlang/otp/commit/fb67c6d1836f51105a96d8b769e71e4215a79457 (OTP-27.3.4.12)
https://github.com/erlang/otp/commit/21abed64eb2026b5f82f432709e4e932f9be389a (OTP-29.0.1, OTP-28.5.0.1)
Apply commands
https://github.com/erlang/otp/security/advisories/GHSA-22cw-4ph4-6447https://cna.erlef.org/cves/CVE-2026-42790.htmlhttps://osv.dev/vulnerability/EEF-CVE-2026-42790https://github.com/erlang/otp/commit/0769050c69d73762672b0db1347b6993a5b31759 (OTP-26.2.5.21)https://github.com/erlang/otp/commit/fb67c6d1836f51105a96d8b769e71e4215a79457 (OTP-27.3.4.12)https://github.com/erlang/otp/commit/21abed64eb2026b5f82f432709e4e932f9be389a (OTP-29.0.1, OTP-28.5.0.1)OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| sles | affected | | |
| debian | bookworm | affected | |
| debian | bullseye | affected | |
| debian | forky | affected | |
| debian | sid | fixed | 1:27.3.4.12+dfsg-1 |
| debian | trixie | affected | |
References
- https://github.com/erlang/otp/security/advisories/GHSA-22cw-4ph4-6447
- https://cna.erlef.org/cves/CVE-2026-42790.html
- https://osv.dev/vulnerability/EEF-CVE-2026-42790
- https://www.erlang.org/doc/system/versions.html#order-of-versions
- https://github.com/erlang/otp/commit/0769050c69d73762672b0db1347b6993a5b31759
- https://github.com/erlang/otp/commit/fb67c6d1836f51105a96d8b769e71e4215a79457
- https://github.com/erlang/otp/commit/21abed64eb2026b5f82f432709e4e932f9be389a
- https://www.suse.com/security/cve/CVE-2026-42790.html
- https://security-tracker.debian.org/tracker/CVE-2026-42790
CWEs
CWE-295 CWE-297
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.