
Erlang Path Traversal Vulnerability Remediation for SUSE 2026-22082-1

suse
June 15, 2026
Critical update for erlang addresses important flaws in SUSE servers. Prompt installation recommended.
An update that solves five vulnerabilities can now be installed.

Summary

This update for erlang fixes the following issues:

* CVE-2025-4748: improper limitation of a pathname may lead to path traversal (bsc#1244642).

* CVE-2026-32147: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in SFTP chroot (bsc#1262503).

* CVE-2026-42789: `public_key` application accepts non-CA certificates as intermediate issuers and this enables chain forgery (bsc#1266449).

* CVE-2026-42790: Name Constraints and Subject CommonName fallback in TLS hostname verification allows for certificate forgery by MITM attacker (bsc#1266466).

* CVE-2026-42791: OCSP response verification in the `public_key` application does not check the validity period of the OCSP responder certificate and allows for OCSP response forgery (bsc#1266448).

Patch Instructions:

References

* bsc#1244642

* bsc#1262503

* bsc#1266448

* bsc#1266449

* bsc#1266466

Cross-

* CVE-2025-4748

* CVE-2026-32147

* CVE-2026-42789

* CVE-2026-42790

* CVE-2026-42791

CVSS scores:

* CVE-2025-4748 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L

* CVE-2025-4748 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

* CVE-2025-4748 ( NVD ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

* CVE-2026-32147 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

* CVE-2026-32147 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

* CVE-2026-32147 ( NVD ): 5.3

Severity
important

Announcement ID: SUSE-SU-2026:22082-1
Release Date: 2026-06-05T11:01:03Z
Rating: important
