CVE-2026-55952

Erlang · OTP (Open Telecom Platform)

The Erlang/OTP SSL application fails to properly validate PSK identity and binder lists during TLS 1.3 handshakes.

Executive summary

The Erlang/OTP SSL application contains a cryptographic validation flaw that could potentially impact the security integrity of TLS connections.

Vulnerability

This vulnerability involves a failure in the SSL application to validate the PSK (Pre-Shared Key) identity list and binder list within a TLS 1.3 exchange. This oversight may allow for incorrect cryptographic processing, potentially affecting authentication or session security.

Business impact

With a CVSS score of 8.2, this vulnerability represents a significant risk to applications relying on Erlang/OTP for secure communication. A successful exploit could undermine the confidentiality and integrity of encrypted traffic, exposing sensitive organizational data to interception or man-in-the-middle attacks.

Remediation

Immediate Action: Update the Erlang/OTP environment to the latest patched version provided by the vendor.

Proactive Monitoring: Review application logs for TLS handshake failures or anomalous connection patterns that might indicate exploitation attempts.

Compensating Controls: Ensure that TLS 1.3 is strictly configured and evaluate the use of alternative cryptographic libraries or protocols where possible until patching is completed.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the central role of SSL/TLS in securing modern infrastructure, this vulnerability requires immediate attention. Organizations utilizing Erlang/OTP should prioritize patching to maintain the cryptographic integrity of their services.