{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-42790", "assignerOrgId": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db", "state": "PUBLISHED", "assignerShortName": "EEF", "dateReserved": "2026-04-29T18:06:33.251Z", "datePublished": "2026-05-27T15:09:01.860Z", "dateUpdated": "2026-05-27T15:41:09.137Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "modules": ["pubkey_cert", "public_key"], "packageName": "public_key", "packageURL": "pkg:otp/public_key?repository_url=https:%2F%2Fgithub.com%2Ferlang%2Fotp&vcs_url=git%20https:%2F%2Fgithub.com%2Ferlang%2Fotp.git", "product": "OTP", "programFiles": ["src/pubkey_cert.erl", "src/public_key.erl"], "programRoutines": [{"name": "pubkey_cert:validate_names/6"}, {"name": "public_key:pkix_verify_hostname/3"}], "repo": "https://github.com/erlang/otp", "vendor": "Erlang", "versions": [{"changes": [{"at": "1.15.1.7", "status": "unaffected"}, {"at": "1.17.1.3", "status": "unaffected"}, {"at": "1.20.3.1", "status": "unaffected"}, {"at": "1.21.1", "status": "unaffected"}], "lessThan": "*", "status": "affected", "version": "1.4", "versionType": "otp"}]}, {"collectionURL": "https://github.com", "cpes": ["cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "modules": ["pubkey_cert", "public_key"], "packageName": "erlang/otp", "packageURL": "pkg:github/erlang/otp", "product": "OTP", "programFiles": ["lib/public_key/src/pubkey_cert.erl", "lib/public_key/src/public_key.erl"], "programRoutines": [{"name": "pubkey_cert:validate_names/6"}, {"name": "public_key:pkix_verify_hostname/3"}], "repo": "https://github.com/erlang/otp", "vendor": "Erlang", "versions": [{"changes": [{"at": "26.2.5.21", "status": "unaffected"}, {"at": "27.3.4.12", "status": "unaffected"}, {"at": "28.5.0.1", "status": "unaffected"}, {"at": "29.0.1", "status": "unaffected"}], "lessThan": "*", "status": "affected", "version": "19.3", "versionType": "otp"}, {"changes": [{"at": "0769050c69d73762672b0db1347b6993a5b31759", "status": "unaffected"}, {"at": "fb67c6d1836f51105a96d8b769e71e4215a79457", "status": "unaffected"}, {"at": "21abed64eb2026b5f82f432709e4e932f9be389a", "status": "unaffected"}], "lessThan": "*", "status": "affected", "version": "b0c245e8132bb13171e277b1af59c0cec00c9459", "versionType": "git"}]}], "cpeApplicability": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.2.5.21", "versionStartIncluding": "19.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*", "versionEndExcluding": "27.3.4.12", "versionStartIncluding": "27.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*", "versionEndExcluding": "28.5.0.1", "versionStartIncluding": "28.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*", "versionEndExcluding": "29.0.1", "versionStartIncluding": "29.0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "credits": [{"lang": "en", "type": "finder", "value": "John Downey"}, {"lang": "en", "type": "remediation developer", "value": "Ingela Anderton Andin"}, {"lang": "en", "type": "remediation reviewer", "value": "Dan Gudmundsson"}, {"lang": "en", "type": "remediation reviewer", "value": "Jakub Witczak"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Certificate Validation vulnerability in Erlang OTP <tt>public_key</tt> (<tt>pubkey_cert</tt> and <tt>public_key</tt> modules) allows a DNS <tt>nameConstraints</tt> bypass via subject CommonName fallback in TLS hostname verification.<p>Two flaws combine to allow a subordinate CA whose DNS <tt>nameConstraints</tt> are restricted (e.g. <tt>permitted;DNS:allowed.example.com</tt>) to issue a leaf certificate that an OTP TLS client accepts as a valid identity for an out-of-scope hostname (e.g. <tt>victim.example.com</tt>):</p><p>First, <tt>pubkey_cert:validate_names/6</tt> in <tt>lib/public_key/src/pubkey_cert.erl</tt> only checks SAN DNS entries against <tt>nameConstraints</tt>. Per RFC 5280, a permitted DNS subtree only restricts certificates that contain a DNS-typed name. A leaf with no <tt>subjectAltName</tt> therefore trivially satisfies any <tt>permitted;DNS:...</tt> constraint regardless of its subject <tt>commonName</tt>.</p><p>Second, <tt>public_key:pkix_verify_hostname/3</tt> in <tt>lib/public_key/src/public_key.erl</tt> falls back to the subject <tt>commonName</tt> when no <tt>subjectAltName</tt> is present, extracting <tt>id-at-commonName</tt> attributes as presented IDs and matching them against the reference hostname. The strict <tt>pkix_verify_hostname_match_fun(https)</tt> matcher does not suppress this fallback.</p><p>The result is that path validation accepts a CN-only leaf under a DNS-constrained intermediate (no SAN means the <tt>nameConstraints</tt> are not triggered), and hostname verification then accepts it via the CN fallback. The bypass is reachable from stock <tt>ssl:connect</tt> with <tt>verify_peer</tt>, a trusted CA, SNI, and the canonical strict <tt>https</tt> hostname matcher.</p><p>This issue affects OTP from OTP 19.3 before OTP 26.2.5.21, 27.3.4.12, 28.5.0.1, and 29.0.1 corresponding to <tt>public_key</tt> from 1.4 before 1.15.1.7, 1.17.1.3, 1.20.3.1, and 1.21.1.</p>"}], "value": "Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_cert and public_key modules) allows a DNS nameConstraints bypass via subject CommonName fallback in TLS hostname verification.\n\nTwo flaws combine to allow a subordinate CA whose DNS nameConstraints are restricted (e.g. permitted;DNS:allowed.example.com) to issue a leaf certificate that an OTP TLS client accepts as a valid identity for an out-of-scope hostname (e.g. victim.example.com):\n\nFirst, pubkey_cert:validate_names/6 in lib/public_key/src/pubkey_cert.erl only checks SAN DNS entries against nameConstraints. Per RFC 5280, a permitted DNS subtree only restricts certificates that contain a DNS-typed name. A leaf with no subjectAltName therefore trivially satisfies any permitted;DNS:... constraint regardless of its subject commonName.\n\nSecond, public_key:pkix_verify_hostname/3 in lib/public_key/src/public_key.erl falls back to the subject commonName when no subjectAltName is present, extracting id-at-commonName attributes as presented IDs and matching them against the reference hostname. The strict pkix_verify_hostname_match_fun(https) matcher does not suppress this fallback.\n\nThe result is that path validation accepts a CN-only leaf under a DNS-constrained intermediate (no SAN means the nameConstraints are not triggered), and hostname verification then accepts it via the CN fallback. The bypass is reachable from stock ssl:connect with verify_peer, a trusted CA, SNI, and the canonical strict https hostname matcher.\n\nThis issue affects OTP from OTP 19.3 before OTP 26.2.5.21, 27.3.4.12, 28.5.0.1, and 29.0.1 corresponding to public_key from 1.4 before 1.15.1.7, 1.17.1.3, 1.20.3.1, and 1.21.1."}], "impacts": [{"capecId": "CAPEC-475", "descriptions": [{"lang": "en", "value": "CAPEC-475 Signature Spoofing by Improper Validation"}]}], "metrics": [{"cvssV4_0": {"attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "baseScore": 7.6, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-295", "description": "CWE-295 Improper Certificate Validation", "lang": "en", "type": "CWE"}, {"cweId": "CWE-297", "description": "CWE-297 Improper Validation of Certificate with Host Mismatch", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db", "shortName": "EEF", "dateUpdated": "2026-05-27T15:41:09.137Z"}, "references": [{"tags": ["vendor-advisory", "related"], "url": "https://github.com/erlang/otp/security/advisories/GHSA-22cw-4ph4-6447"}, {"tags": ["related"], "url": "https://cna.erlef.org/cves/CVE-2026-42790.html"}, {"tags": ["related"], "url": "https://osv.dev/vulnerability/EEF-CVE-2026-42790"}, {"tags": ["x_version-scheme"], "url": "https://www.erlang.org/doc/system/versions.html#order-of-versions"}, {"tags": ["patch"], "url": "https://github.com/erlang/otp/commit/0769050c69d73762672b0db1347b6993a5b31759"}, {"tags": ["patch"], "url": "https://github.com/erlang/otp/commit/fb67c6d1836f51105a96d8b769e71e4215a79457"}, {"tags": ["patch"], "url": "https://github.com/erlang/otp/commit/21abed64eb2026b5f82f432709e4e932f9be389a"}], "source": {"discovery": "EXTERNAL"}, "title": "nameConstraints DNS bypass via subject CommonName fallback in public_key hostname verification", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The <tt>verify_fun</tt> option in the <tt>ssl</tt> application can be used to ensure that TLS connections fail if the end-entity certificate is missing the <tt>subjectAltName</tt> extension or has no domain name. Do not use a <tt>verify_fun</tt> that accepts the <tt>name_not_permitted</tt> error."}], "value": "The verify_fun option in the ssl application can be used to ensure that TLS connections fail if the end-entity certificate is missing the subjectAltName extension or has no domain name. Do not use a verify_fun that accepts the name_not_permitted error."}], "x_generator": {"engine": "cvelib 1.8.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_cert and public_key modules) allows a DNS nameConstraints bypass via subject CommonName fallback in TLS hostname verification.\n\nTwo flaws combine to allow a subordinate CA whose DNS nameConstraints are restricted (e.g. permitted;DNS:allowed.example.com) to issue a leaf certificate that an OTP TLS client accepts as a valid identity for an out-of-scope hostname (e.g. victim.example.com):\n\nFirst, pubkey_cert:validate_names/6 in lib/public_key/src/pubkey_cert.erl only checks SAN DNS entries against nameConstraints. Per RFC 5280, a permitted DNS subtree only restricts certificates that contain a DNS-typed name. A leaf with no subjectAltName therefore trivially satisfies any permitted;DNS:... constraint regardless of its subject commonName.\n\nSecond, public_key:pkix_verify_hostname/3 in lib/public_key/src/public_key.erl falls back to the subject commonName when no subjectAltName is present, extracting id-at-commonName attributes as presented IDs and matching them against the reference hostname. The strict pkix_verify_hostname_match_fun(https) matcher does not suppress this fallback.\n\nThe result is that path validation accepts a CN-only leaf under a DNS-constrained intermediate (no SAN means the nameConstraints are not triggered), and hostname verification then accepts it via the CN fallback. The bypass is reachable from stock ssl:connect with verify_peer, a trusted CA, SNI, and the canonical strict https hostname matcher.\n\nThis issue affects OTP from OTP 19.3 before OTP 26.2.5.21, 27.3.4.12, 28.5.0.1, and 29.0.1 corresponding to public_key from 1.4 before 1.15.1.7, 1.17.1.3, 1.20.3.1, and 1.21.1."}], "id": "CVE-2026-42790", "lastModified": "2026-05-27T17:16:36.030", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db", "type": "Secondary"}]}, "published": "2026-05-27T17:16:36.030", "references": [{"source": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db", "url": "https://cna.erlef.org/cves/CVE-2026-42790.html"}, {"source": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db", "url": "https://github.com/erlang/otp/commit/0769050c69d73762672b0db1347b6993a5b31759"}, {"source": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db", "url": "https://github.com/erlang/otp/commit/21abed64eb2026b5f82f432709e4e932f9be389a"}, {"source": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db", "url": "https://github.com/erlang/otp/commit/fb67c6d1836f51105a96d8b769e71e4215a79457"}, {"source": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db", "url": "https://github.com/erlang/otp/security/advisories/GHSA-22cw-4ph4-6447"}, {"source": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db", "url": "https://osv.dev/vulnerability/EEF-CVE-2026-42790"}, {"source": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db", "url": "https://www.erlang.org/doc/system/versions.html#order-of-versions"}], "sourceIdentifier": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}, {"lang": "en", "value": "CWE-297"}], "source": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db", "type": "Secondary"}]}

{}

{}