CVE-2026-55952
Erlang · OTP (Open Telecom Platform)
The Erlang/OTP SSL application fails to properly validate PSK identity and binder lists during TLS 1.3 handshakes.
Executive summary
The Erlang/OTP SSL application contains a validation flaw in its TLS 1.3 handshake handling: the PSK identity list and binder list carried in a ClientHello are not properly validated, which can undermine the authentication guarantees of PSK-based TLS 1.3 connections.
Vulnerability
In TLS 1.3 (RFC 8446, section 4.2.11) a client that offers a pre-shared key sends a pre_shared_key extension in its ClientHello containing two parallel lists: the PSK identities it is willing to use and, in the same order, one binder per identity. Each binder is an HMAC over the transcript of the truncated ClientHello, keyed from the PSK, and proves that the client actually holds that key. Before accepting an offered PSK the server is required to check that the lists line up and to verify the binder of the identity it selects; if the binder is absent or does not validate, the server must abort the handshake. This vulnerability is a failure of the SSL application to perform that validation correctly, so a malformed or mismatched identity/binder pair may be processed instead of rejected, potentially affecting authentication or session security.
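To make the required check concrete, the following is an added example in Python; it is not Erlang/OTP code and is not taken from the advisory. It parses the OfferedPsks structure of a pre_shared_key extension strictly, enforces that the identity and binder lists have the same length, derives the binder key per the RFC 8446 section 7.1 key schedule, and rejects an offer whose selected binder does not validate. The ticket identities, PSK values and the stand-in "truncated ClientHello" hash are constructed for the demonstration; a real server would use the transcript hash of the ClientHello up to the binders.

```python
"""Added example (not Erlang/OTP code): parse a TLS 1.3 pre_shared_key
ClientHello extension and apply the server-side checks that RFC 8446
section 4.2.11 requires before an offered PSK is accepted."""
import hashlib
import hmac
import struct

HASH, HASH_LEN = hashlib.sha256, 32


class PskExtensionError(ValueError):
    """Raised where the server MUST abort the handshake."""


# --- RFC 8446 section 7.1 key schedule, just enough to derive a binder ---
def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand_label(secret: bytes, label: bytes, ctx: bytes, length: int) -> bytes:
    full = b"tls13 " + label  # HkdfLabel: uint16 length, opaque label, opaque context
    info = struct.pack("!H", length) + bytes([len(full)]) + full + bytes([len(ctx)]) + ctx
    out = block = b""
    for counter in range(1, (length + HASH_LEN - 1) // HASH_LEN + 1):
        block = hmac.new(secret, block + info + bytes([counter]), HASH).digest()
        out += block
    return out[:length]


def compute_binder(psk: bytes, truncated_hello_hash: bytes, label: bytes = b"res binder") -> bytes:
    """binder = HMAC(finished_key, Transcript-Hash(Truncate(ClientHello)))."""
    early_secret = hkdf_extract(bytes(HASH_LEN), psk)  # HKDF-Extract(0, PSK)
    binder_key = hkdf_expand_label(early_secret, label, HASH(b"").digest(), HASH_LEN)
    finished_key = hkdf_expand_label(binder_key, b"finished", b"", HASH_LEN)
    return hmac.new(finished_key, truncated_hello_hash, HASH).digest()


# --- wire format: OfferedPsks { identities<7..2^16-1>; binders<33..2^16-1>; } ---
def encode_offered_psks(identities, binders) -> bytes:
    """identities: [(identity_bytes, obfuscated_ticket_age)], binders: [bytes].
    Lists are encoded as given so that malformed offers can be built on purpose."""
    id_blob = b"".join(struct.pack("!H", len(i)) + i + struct.pack("!I", age) for i, age in identities)
    b_blob = b"".join(bytes([len(b)]) + b for b in binders)
    return struct.pack("!H", len(id_blob)) + id_blob + struct.pack("!H", len(b_blob)) + b_blob


def parse_offered_psks(body: bytes):
    """Strict parse returning (identities, binders); the lists must line up."""
    def take(off, n):
        if off + n > len(body):
            raise PskExtensionError("truncated pre_shared_key extension")
        return body[off:off + n], off + n

    raw, off = take(0, 2)
    id_list, off = take(off, struct.unpack("!H", raw)[0])
    identities, p = [], 0
    while p < len(id_list):
        if p + 2 > len(id_list):
            raise PskExtensionError("bad identity list")
        ilen = struct.unpack("!H", id_list[p:p + 2])[0]
        p += 2
        if ilen == 0 or p + ilen + 4 > len(id_list):
            raise PskExtensionError("bad PskIdentity")
        identity = id_list[p:p + ilen]
        age = struct.unpack("!I", id_list[p + ilen:p + ilen + 4])[0]
        identities.append((identity, age))
        p += ilen + 4
    raw, off = take(off, 2)
    b_list, off = take(off, struct.unpack("!H", raw)[0])
    binders, p = [], 0
    while p < len(b_list):
        blen = b_list[p]
        p += 1
        if blen < 32 or p + blen > len(b_list):  # PskBinderEntry is opaque<32..255>
            raise PskExtensionError("bad PskBinderEntry")
        binders.append(b_list[p:p + blen])
        p += blen
    if off != len(body):
        raise PskExtensionError("trailing bytes after binders")
    if not identities or len(identities) != len(binders):
        raise PskExtensionError(f"{len(identities)} identities vs {len(binders)} binders")
    return identities, binders


def server_select_psk(body: bytes, known_psks: dict, truncated_hello_hash: bytes):
    """Return the index of the accepted identity, or None to fall back to a full
    handshake. The binder of the chosen identity MUST validate, else abort."""
    identities, binders = parse_offered_psks(body)
    for i, (identity, _age) in enumerate(identities):
        psk = known_psks.get(identity)
        if psk is None:
            continue
        if not hmac.compare_digest(compute_binder(psk, truncated_hello_hash), binders[i]):
            raise PskExtensionError("binder does not validate for selected identity")
        return i
    return None


def demo():
    """Constructed scenario: a valid offer, a forged binder, and a short binder list."""
    hello_hash = HASH(b"constructed truncated ClientHello").digest()  # stand-in transcript hash
    server_db = {b"ticket-A": b"\x11" * 32, b"ticket-B": b"\x22" * 32}  # constructed ticket PSKs
    ids = [(b"ticket-X", 1000), (b"ticket-B", 2000)]  # ticket-X is unknown to this server
    stray = compute_binder(b"\x99" * 32, hello_hash)  # binder for the unknown ticket
    good = encode_offered_psks(ids, [stray, compute_binder(server_db[b"ticket-B"], hello_hash)])
    forged = encode_offered_psks(ids, [stray, compute_binder(b"wrong psk", hello_hash)])
    short = encode_offered_psks(ids, [stray])  # two identities, one binder
    results = {"good": server_select_psk(good, server_db, hello_hash)}
    for name, body in (("forged", forged), ("short", short)):
        try:
            server_select_psk(body, server_db, hello_hash)
            results[name] = "accepted"
        except PskExtensionError as e:
            results[name] = "aborted: " + str(e)
    return results


if __name__ == "__main__":
    print(demo())
```

The length check in parse_offered_psks is the point of the example: without it, a server that selects the second identity would index past the end of a one-entry binder list, and a server that verifies "some" binder rather than the one belonging to the selected identity would accept a client that never proved possession of that PSK.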
Business impact
With a CVSS score of 8.2, this vulnerability is a significant risk for applications that rely on Erlang/OTP's SSL application for secure communication, including the many Erlang and Elixir services that terminate TLS with it directly. A successful exploit could undermine the confidentiality and integrity of encrypted traffic, exposing sensitive organizational data to interception or man-in-the-middle attacks.
Remediation
Immediate Action: Update Erlang/OTP to the patched release provided by the vendor. Because ssl ships as part of OTP, this means upgrading the OTP installation itself (and rebuilding any release that bundles it), not a single library dependency.
Proactive Monitoring: Review application logs for TLS 1.3 handshake failures or anomalous connection patterns that might indicate exploitation attempts, such as repeated handshakes offering pre-shared keys that are rejected or that resume sessions from unexpected clients.
Compensating Controls: The flaw sits in the TLS 1.3 PSK handshake path. Where a deployment can tolerate it, restricting the ssl `versions` option to TLS 1.2 only (for example `{versions, ['tlsv1.2']}`) removes that path until the patch is applied; this option is a standard ssl setting rather than a mitigation named in the advisory, so confirm it against your OTP release. Replacing the TLS stack of an Erlang application is rarely practical and is not a substitute for the vendor fix.
Exploitation status
Public Exploit Available: false
Analyst recommendation
Given the central role of SSL/TLS in securing modern infrastructure, this vulnerability requires immediate attention. Organizations using Erlang/OTP should prioritize patching to maintain the cryptographic integrity of their services.