CVE-2026-48860

Severity: High (CVSS 4.0 base score 7.5) · EPSS 9.3%
Published Jun 10, 2026 · Last Modified Jun 17, 2026

Description

Reliance on IP Address for Authentication vulnerability in Erlang/OTP ssl (inet_tls_dist module) allows unauthenticated bypass of the distribution-over-TLS LAN allowlist. The inet_tls_dist:check_ip/1 function, which enforces a LAN allowlist for Erlang distribution over TLS, calls inet:sockname/1 instead of inet:peername/1 to obtain the peer's IP address. Because inet:sockname/1 returns the local socket address, both the local IP and the supposed peer IP resolve to the same value, causing the subnet mask comparison to always succeed regardless of the actual remote address. Any holder of a CA-signed TLS certificate can therefore bypass the LAN restriction and gain full Erlang distribution access to the node, including rpc:call/4 and code:load_binary/3. This vulnerability is associated with program file lib/ssl/src/inet_tls_dist.erl. This issue affects OTP from OTP 26.0 before 29.0.2, 28.5.0.2 and 27.3.4.13 corresponding to ssl from 11.0 before 11.7.2, 11.6.0.2 and 11.2.12.9.
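The shape of the defect described above, as an added illustration that is not the OTP inet_tls_dist source: the flawed lookup (two calls to inet:sockname/1, so both addresses are the local one) beside the corrected lookup (inet:peername/1 for the remote end). The module name, the helpers same_subnet/3 and lan_netmask/0, and the /24 mask are assumptions.

```erlang
%% Added example approximating the LAN-allowlist check; not OTP code.
-module(dist_lan_check_example).
-export([check_ip_vulnerable/1, check_ip_fixed/1, same_subnet/3]).

%% Constructed mask: a /24 IPv4 LAN (assumed value for the illustration).
lan_netmask() -> {255, 255, 255, 0}.

%% Flawed variant: inet:sockname/1 returns the socket's *local* address,
%% so "local" and "peer" are the same value and the subnet comparison
%% accepts every remote node, whatever its real address.
check_ip_vulnerable(Socket) ->
    case inet:sockname(Socket) of
        {ok, {LocalIp, _LocalPort}} ->
            case inet:sockname(Socket) of   % should have been inet:peername/1
                {ok, {PeerIp, _PeerPort}} ->
                    same_subnet(LocalIp, PeerIp, lan_netmask());
                _ ->
                    false
            end;
        _ ->
            false
    end.

%% Corrected variant: inet:peername/1 returns the remote endpoint's address,
%% so the mask comparison is made against the actual peer.
check_ip_fixed(Socket) ->
    case {inet:sockname(Socket), inet:peername(Socket)} of
        {{ok, {LocalIp, _}}, {ok, {PeerIp, _}}} ->
            same_subnet(LocalIp, PeerIp, lan_netmask());
        _ ->
            false
    end.

%% IPv4 subnet comparison: every octet must agree under the mask.
same_subnet({A1, A2, A3, A4}, {B1, B2, B3, B4}, {M1, M2, M3, M4}) ->
    (A1 band M1) =:= (B1 band M1) andalso
    (A2 band M2) =:= (B2 band M2) andalso
    (A3 band M3) =:= (B3 band M3) andalso
    (A4 band M4) =:= (B4 band M4);
same_subnet(_, _, _) ->
    false.   % non-IPv4 address tuples are rejected in this illustration
```

With a constructed local address of {10,0,0,5} and a remote peer at {203,0,113,7}, same_subnet/3 returns false only when the peer address really comes from peername/1; the flawed variant compares {10,0,0,5} with itself and returns true.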

CVSS Details

Base Score: 7.5
Vector string: CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Adjacent
Attack Complexity: High
Attack Requirements: Present
Privileges Required: Low
User Interaction: None
Vulnerable System Impact (Confidentiality / Integrity / Availability): High / High / High
Subsequent System Impact (Confidentiality / Integrity / Availability): None / None / None

Threat Intelligence

EPSS Exploit Probability: 9.3% percentile
Exploit Status: No Known Exploit
Patch Status: Patch Available

Weaknesses 2

CWE-1025 Comparison Using Wrong Factors
CWE-863 Incorrect Authorization

Affected Products 6

Vendor   Product      Version   Range
erlang   erlang/otp   *         >= 26.0  and  < 27.3.4.13
erlang   erlang/otp   *         >= 28.0  and  < 28.5.0.2
erlang   erlang/otp   *         >= 29.0  and  < 29.0.2
erlang   erlang/ssl   *         >= 11.0  and  < 11.2.12.9
erlang   erlang/ssl   *         >= 11.6  and  < 11.6.0.2
erlang   erlang/ssl   *         >= 11.7  and  < 11.7.2

References 5

  • cna.erlef.org https://cna.erlef.org/cves/CVE-2026-48860.html
    Third Party Advisory
  • github.com https://github.com/erlang/otp/commit/0209a6df65d605552b378273027b3968b35f26b4
    Patch
  • github.com https://github.com/erlang/otp/security/advisories/GHSA-gp7x-mfv6-52cv
    Vendor Advisory
  • osv.dev https://osv.dev/vulnerability/EEF-CVE-2026-48860
    Third Party Advisory
  • erlang.org https://www.erlang.org/doc/system/versions.html#order-of-versions
    Product

Remediation

  • github.com https://github.com/erlang/otp/commit/0209a6df65d605552b378273027b3968b35f26b4
    Patch