CVE-2026-21620

Insufficient path sanitizing in tftp_file module.

CVE-2026-23941

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
vulnerability in Erlang OTP (inets httpd module) allows HTTP Request
Smuggling.

CVE-2026-23942

Improper Limitation of a Pathname to a Restricted Directory ('Path
Traversal') vulnerability in Erlang OTP (ssh_sftpd module) allows Path
Traversal.

CVE-2026-23943

Improper Handling of Highly Compressed Data (Compression Bomb)
vulnerability in Erlang OTP ssh (ssh_transport modules) allows Denial of
Service via Resource Depletion.

For Debian 11 bullseye, these problems have been fixed in version
1:23.2.6+dfsg-1+deb11u4.

We recommend that you upgrade your erlang packages.

For the detailed security status of erlang please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/erlang
Further information about Debian LTS security advisories, how to apply