Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 500
Alerts This Week
Warning Icon 1 500

Fedora 43 Erlang Critical Auth Bypass DoS Vulnerability Fix 2026-965be97ac0

fedora
Calendar Grey July 18, 2026
Scroller Fedora
Discover critical backports for Erlang on Fedora 43 addressing multiple security issues with detailed vulnerability insights.
Backport fixes for CVE-2026-48858 (ftp SSRF), CVE-2026-49759 (SCTP DoS), CVE-2026-48860 (dist-over-TLS auth bypass), CVE-2026-54886 (ssh SFTP DoS), CVE-2026-54891 (TLS handshake da...

Summary

Erlang is a general-purpose programming language and runtime

environment. Erlang has built-in support for concurrency, distribution

and fault tolerance. Erlang is used in several large telecommunication

systems from Ericsson.

Update Information:

Backport fixes for CVE-2026-48858 (ftp SSRF), CVE-2026-49759 (SCTP DoS), CVE-2026-48860 (dist-over-TLS auth bypass), CVE-2026-54886 (ssh SFTP DoS), CVE-2026-54891 (TLS handshake data injection), and CVE-2026-55952 (TLS 1.3 session ticket DoS). These are fixed upstream in OTP 27.x (rawhide/f45); backported here to the OTP 26.x line.

Change Log

* Fri Jul 10 2026 Peter Lemenkov - 26.2.5.21-4 - Backport fix for CVE-2026-48858, CVE-2026-48860, CVE-2026-49759, CVE-2026-54886, CVE-2026-54891, CVE-2026-55952

References


[ 1 ] Bug #2489554 - CVE-2026-48858 erlang: Erlang/OTP ftp: Server-Side Request Forgery (SSRF) via unvalidated PASV response IP address [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2489554 [ 2 ] Bug #2490026 - CVE-2026-49759 erlang: Erlang OTP: Denial of Service via crafted SCTP ERROR chunk [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2490026 [ 3 ] Bug #2490272 - CVE-2026-48860 erlang: Erlang/OTP: Authentication bypass allows arbitrary code execution via improper IP address validation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2490272 [ 4 ] Bug #2496748 - CVE-2026-54891 erlang: Erlang SSL: Unauthenticated data injection during TLS handshake [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2496748 [ 5 ] Bug #2496790 - CVE-2026-54886 erlang: Erlang OTP ssh: Denial of Service via infinite loop in SFTP channel [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2496790 [ 6 ] ...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-965be97ac0' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: erlang
Product: Fedora 43
Version: 26.2.5.21
Release: 4.fc43
Summary: General-purpose programming language and runtime environment

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.