CVE-2026-32144

HIGH EPSS 11.5%
Published Apr 7, 20262mo ago · Modified Jun 17, 20262w ago
7.6 CVSS 4.0
High
Find Similar
Published Apr 7, 2026 2mo ago
Last Modified Jun 17, 2026 2w ago

Description

Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_ocsp module) allows OCSP designated-responder authorization bypass via missing signature verification. The OCSP response validation in public_key:pkix_ocsp_validate/5 does not verify that a CA-designated responder certificate was cryptographically signed by the issuing CA. Instead, it only checks that the responder certificate's issuer name matches the CA's subject name and that the certificate has the OCSPSigning extended key usage. An attacker who can intercept or control OCSP responses can create a self-signed certificate with a matching issuer name and the OCSPSigning EKU, and use it to forge OCSP responses that mark revoked certificates as valid. This affects SSL/TLS clients using OCSP stapling, which may accept connections to servers with revoked certificates, potentially transmitting sensitive data to compromised servers. Applications using the public_key:pkix_ocsp_validate/5 API directly are also affected, with impact depending on usage context. This vulnerability is associated with program files lib/public_key/src/pubkey_ocsp.erl and program routines pubkey_ocsp:is_authorized_responder/3. This issue affects OTP from OTP 27.0 until OTP 28.4.2 and 27.3.4.10 corresponding to public_key from 1.16 until 1.20.3 and 1.17.1.2, and ssl from 11.2 until 11.5.4 and 11.2.12.7.

CVSS Details

Base Score
7.6
Exploitability
Impact
Vector string
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction P
Scope X

Threat Intelligence

EPSS Exploit Probability
11.5% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-295

Affected Products 6

VendorProductVersionRange
erlangerlang\/otp*≥27.0  –  <27.3.4.10
erlangerlang\/otp*≥28.0  –  <28.4.2
erlangerlang\/public_key*≥1.16  –  <1.17.1.2
erlangerlang\/public_key*≥1.18  –  <1.20.3
erlangerlang\/ssl*≥11.2  –  <11.2.12.7
erlangerlang\/ssl*>11.3  –  <11.5.4

References 6

  • cna.erlef.org https://cna.erlef.org/cves/CVE-2026-32144.html
    MitigationVendor Advisory
  • github.com https://github.com/erlang/otp/commit/49033a6d93a5be0ee0dce04e1fb8b4ae7de1e0c0
    Patch
  • github.com https://github.com/erlang/otp/commit/ac7ff528be857c5d35eb29c7f24106e3a16d4891
    Patch
  • github.com https://github.com/erlang/otp/security/advisories/GHSA-gxrm-pf64-99xm
    MitigationThird Party Advisory
  • osv.dev https://osv.dev/vulnerability/EEF-CVE-2026-32144
    Third Party Advisory
  • erlang.org https://www.erlang.org/doc/system/versions.html#order-of-versions
    Vendor Advisory

Remediation

  • github.com https://github.com/erlang/otp/commit/49033a6d93a5be0ee0dce04e1fb8b4ae7de1e0c0
    Patch
  • github.com https://github.com/erlang/otp/commit/ac7ff528be857c5d35eb29c7f24106e3a16d4891
    Patch