Explore top 10 tips to secure your open-source projects now. Read More
×Erlang is a general-purpose programming language and runtime
environment. Erlang has built-in support for concurrency, distribution
and fault tolerance. Erlang is used in several large telecommunication
systems from Ericsson.
Update Information:
Backport fixes for CVE-2026-48858 (ftp SSRF), CVE-2026-49759 (SCTP DoS), CVE-2026-48860 (dist-over-TLS auth bypass), CVE-2026-54886 (ssh SFTP DoS), CVE-2026-54891 (TLS handshake data injection), and CVE-2026-55952 (TLS 1.3 session ticket DoS). These are fixed upstream in OTP 27.x (rawhide/f45); backported here to the OTP 26.x line.
* Fri Jul 10 2026 Peter Lemenkov
[ 1 ] Bug #2489554 - CVE-2026-48858 erlang: Erlang/OTP ftp: Server-Side Request Forgery (SSRF) via unvalidated PASV response IP address [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2489554
[ 2 ] Bug #2490026 - CVE-2026-49759 erlang: Erlang OTP: Denial of Service via crafted SCTP ERROR chunk [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2490026
[ 3 ] Bug #2490272 - CVE-2026-48860 erlang: Erlang/OTP: Authentication bypass allows arbitrary code execution via improper IP address validation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2490272
[ 4 ] Bug #2496748 - CVE-2026-54891 erlang: Erlang SSL: Unauthenticated data injection during TLS handshake [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2496748
[ 5 ] Bug #2496790 - CVE-2026-54886 erlang: Erlang OTP ssh: Denial of Service via infinite loop in SFTP channel [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2496790
[ 6 ] ...
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-965be97ac0' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
Get the latest Linux and open source security news straight to your inbox.