{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-42790","assignerOrgId":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","state":"PUBLISHED","assignerShortName":"EEF","dateReserved":"2026-04-29T18:06:33.251Z","datePublished":"2026-05-27T15:09:01.860Z","dateUpdated":"2026-07-01T04:45:27.626Z"},"containers":{"cna":{"affected":[{"cpes":["cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","modules":["pubkey_cert","public_key"],"packageName":"public_key","packageURL":"pkg:otp/public_key?repository_url=https:%2F%2Fgithub.com%2Ferlang%2Fotp&vcs_url=git%20https:%2F%2Fgithub.com%2Ferlang%2Fotp.git","product":"OTP","programFiles":["src/pubkey_cert.erl","src/public_key.erl"],"programRoutines":[{"name":"pubkey_cert:validate_names/6"},{"name":"public_key:pkix_verify_hostname/3"}],"repo":"https://github.com/erlang/otp","vendor":"Erlang","versions":[{"changes":[{"at":"1.15.1.7","status":"unaffected"},{"at":"1.17.1.3","status":"unaffected"},{"at":"1.20.3.1","status":"unaffected"},{"at":"1.21.1","status":"unaffected"}],"lessThan":"*","status":"affected","version":"1.4","versionType":"otp"}]},{"collectionURL":"https://github.com","cpes":["cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","modules":["pubkey_cert","public_key"],"packageName":"erlang/otp","packageURL":"pkg:github/erlang/otp","product":"OTP","programFiles":["lib/public_key/src/pubkey_cert.erl","lib/public_key/src/public_key.erl"],"programRoutines":[{"name":"pubkey_cert:validate_names/6"},{"name":"public_key:pkix_verify_hostname/3"}],"repo":"https://github.com/erlang/otp","vendor":"Erlang","versions":[{"changes":[{"at":"26.2.5.21","status":"unaffected"},{"at":"27.3.4.12","status":"unaffected"},{"at":"28.5.0.1","status":"unaffected"},{"at":"29.0.1","status":"unaffected"}],"lessThan":"*","status":"affected","version":"19.3","versionType":"otp"},{"changes":[{"at":"0769050c69d73762672b0db1347b6993a5b31759","status":"unaffected"},{"at":"fb67c6d1836f51105a96d8b769e71e4215a79457","status":"unaffected"},{"at":"21abed64eb2026b5f82f432709e4e932f9be389a","status":"unaffected"}],"lessThan":"*","status":"affected","version":"b0c245e8132bb13171e277b1af59c0cec00c9459","versionType":"git"}]}],"cpeApplicability":[{"nodes":[{"cpeMatch":[{"criteria":"cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*","versionEndExcluding":"26.2.5.21","versionStartIncluding":"19.3","vulnerable":true},{"criteria":"cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*","versionEndExcluding":"27.3.4.12","versionStartIncluding":"27.0","vulnerable":true},{"criteria":"cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*","versionEndExcluding":"28.5.0.1","versionStartIncluding":"28.0","vulnerable":true},{"criteria":"cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*","versionEndExcluding":"29.0.1","versionStartIncluding":"29.0","vulnerable":true}],"negate":false,"operator":"OR"}],"operator":"AND"}],"credits":[{"lang":"en","type":"finder","value":"John Downey"},{"lang":"en","type":"remediation developer","value":"Ingela Anderton Andin"},{"lang":"en","type":"remediation reviewer","value":"Dan Gudmundsson"},{"lang":"en","type":"remediation reviewer","value":"Jakub Witczak"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Improper Certificate Validation vulnerability in Erlang OTP <tt>public_key</tt> (<tt>pubkey_cert</tt> and <tt>public_key</tt> modules) allows a DNS <tt>nameConstraints</tt> bypass via subject CommonName fallback in TLS hostname verification.<p>Two flaws combine to allow a subordinate CA whose DNS <tt>nameConstraints</tt> are restricted (e.g. <tt>permitted;DNS:allowed.example.com</tt>) to issue a leaf certificate that an OTP TLS client accepts as a valid identity for an out-of-scope hostname (e.g. <tt>victim.example.com</tt>):</p><p>First, <tt>pubkey_cert:validate_names/6</tt> in <tt>lib/public_key/src/pubkey_cert.erl</tt> only checks SAN DNS entries against <tt>nameConstraints</tt>. Per RFC 5280, a permitted DNS subtree only restricts certificates that contain a DNS-typed name. A leaf with no <tt>subjectAltName</tt> therefore trivially satisfies any <tt>permitted;DNS:...</tt> constraint regardless of its subject <tt>commonName</tt>.</p><p>Second, <tt>public_key:pkix_verify_hostname/3</tt> in <tt>lib/public_key/src/public_key.erl</tt> falls back to the subject <tt>commonName</tt> when no <tt>subjectAltName</tt> is present, extracting <tt>id-at-commonName</tt> attributes as presented IDs and matching them against the reference hostname. The strict <tt>pkix_verify_hostname_match_fun(https)</tt> matcher does not suppress this fallback.</p><p>The result is that path validation accepts a CN-only leaf under a DNS-constrained intermediate (no SAN means the <tt>nameConstraints</tt> are not triggered), and hostname verification then accepts it via the CN fallback. The bypass is reachable from stock <tt>ssl:connect</tt> with <tt>verify_peer</tt>, a trusted CA, SNI, and the canonical strict <tt>https</tt> hostname matcher.</p><p>This issue affects OTP from OTP 19.3 before OTP 26.2.5.21, 27.3.4.12, 28.5.0.1, and 29.0.1 corresponding to <tt>public_key</tt> from 1.4 before 1.15.1.7, 1.17.1.3, 1.20.3.1, and 1.21.1.</p>"}],"value":"Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_cert and public_key modules) allows a DNS nameConstraints bypass via subject CommonName fallback in TLS hostname verification.\n\nTwo flaws combine to allow a subordinate CA whose DNS nameConstraints are restricted (e.g. permitted;DNS:allowed.example.com) to issue a leaf certificate that an OTP TLS client accepts as a valid identity for an out-of-scope hostname (e.g. victim.example.com):\n\nFirst, pubkey_cert:validate_names/6 in lib/public_key/src/pubkey_cert.erl only checks SAN DNS entries against nameConstraints. Per RFC 5280, a permitted DNS subtree only restricts certificates that contain a DNS-typed name. A leaf with no subjectAltName therefore trivially satisfies any permitted;DNS:... constraint regardless of its subject commonName.\n\nSecond, public_key:pkix_verify_hostname/3 in lib/public_key/src/public_key.erl falls back to the subject commonName when no subjectAltName is present, extracting id-at-commonName attributes as presented IDs and matching them against the reference hostname. The strict pkix_verify_hostname_match_fun(https) matcher does not suppress this fallback.\n\nThe result is that path validation accepts a CN-only leaf under a DNS-constrained intermediate (no SAN means the nameConstraints are not triggered), and hostname verification then accepts it via the CN fallback. The bypass is reachable from stock ssl:connect with verify_peer, a trusted CA, SNI, and the canonical strict https hostname matcher.\n\nThis issue affects OTP from OTP 19.3 before OTP 26.2.5.21, 27.3.4.12, 28.5.0.1, and 29.0.1 corresponding to public_key from 1.4 before 1.15.1.7, 1.17.1.3, 1.20.3.1, and 1.21.1."}],"impacts":[{"capecId":"CAPEC-475","descriptions":[{"lang":"en","value":"CAPEC-475 Signature Spoofing by Improper Validation"}]}],"metrics":[{"cvssV4_0":{"attackComplexity":"HIGH","attackRequirements":"PRESENT","attackVector":"NETWORK","baseScore":7.6,"baseSeverity":"HIGH","privilegesRequired":"NONE","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"PASSIVE","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N","version":"4.0","vulnAvailabilityImpact":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-295","description":"CWE-295 Improper Certificate Validation","lang":"en","type":"CWE"},{"cweId":"CWE-297","description":"CWE-297 Improper Validation of Certificate with Host Mismatch","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","shortName":"EEF","dateUpdated":"2026-07-01T04:45:27.626Z"},"references":[{"tags":["vendor-advisory","related"],"url":"https://github.com/erlang/otp/security/advisories/GHSA-22cw-4ph4-6447"},{"tags":["related"],"url":"https://cna.erlef.org/cves/CVE-2026-42790.html"},{"tags":["related"],"url":"https://osv.dev/vulnerability/EEF-CVE-2026-42790"},{"tags":["x_version-scheme"],"url":"https://www.erlang.org/doc/system/versions.html#order-of-versions"},{"tags":["patch"],"url":"https://github.com/erlang/otp/commit/0769050c69d73762672b0db1347b6993a5b31759"},{"tags":["patch"],"url":"https://github.com/erlang/otp/commit/fb67c6d1836f51105a96d8b769e71e4215a79457"},{"tags":["patch"],"url":"https://github.com/erlang/otp/commit/21abed64eb2026b5f82f432709e4e932f9be389a"}],"source":{"discovery":"EXTERNAL"},"title":"nameConstraints DNS bypass via subject CommonName fallback in public_key hostname verification","workarounds":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"The <tt>verify_fun</tt> option in the <tt>ssl</tt> application can be used to ensure that TLS connections fail if the end-entity certificate is missing the <tt>subjectAltName</tt> extension or has no domain name. Do not use a <tt>verify_fun</tt> that accepts the <tt>name_not_permitted</tt> error."}],"value":"The verify_fun option in the ssl application can be used to ensure that TLS connections fail if the end-entity certificate is missing the subjectAltName extension or has no domain name. Do not use a verify_fun that accepts the name_not_permitted error."}],"x_generator":{"engine":"cvelib 1.8.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-05-27T00:00:00+00:00","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3","id":"CVE-2026-42790"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-05-28T03:55:49.233Z"}},{"affected":[{"cpes":["cpe:/a:redhat:openstack:16.2"],"defaultStatus":"affected","product":"Red Hat OpenStack Platform 16.2","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openstack:17.1"],"defaultStatus":"affected","product":"Red Hat OpenStack Platform 17.1","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openstack:18.0"],"defaultStatus":"affected","product":"Red Hat OpenStack Platform 18.0","vendor":"Red Hat"}],"datePublic":"2026-05-27T15:09:01.860Z","descriptions":[{"lang":"en","value":"A flaw was found in Erlang OTP public_key. This improper certificate validation vulnerability allows a subordinate Certificate Authority (CA) with restricted DNS nameConstraints to bypass these restrictions. By issuing a leaf certificate that lacks a Subject Alternative Name (SAN) but contains a crafted CommonName (CN), an attacker can trick an Erlang OTP TLS client into accepting it as valid for an out-of-scope hostname. This can lead to hostname spoofing and potential man-in-the-middle attacks, compromising the integrity and confidentiality of communications."}],"metrics":[{"other":{"content":{"namespace":"https://access.redhat.com/security/updates/classification/","value":"Important"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":7.4,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-295","description":"Improper Certificate Validation","lang":"en","type":"CWE"}]}],"references":[{"tags":["vdb-entry","x_refsource_REDHAT"],"url":"https://access.redhat.com/security/cve/CVE-2026-42790"},{"name":"RHBZ#2482286","tags":["issue-tracking","x_refsource_REDHAT"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2482286"},{"tags":["x_sadp-csaf-vex"],"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42790.json"}],"timeline":[{"lang":"en","time":"2026-05-27T17:02:53.354Z","value":"Reported to Red Hat."},{"lang":"en","time":"2026-05-27T15:09:01.860Z","value":"Made public."}],"title":"erlang: Erlang OTP public_key: Certificate validation bypass allows hostname spoofing","workarounds":[{"lang":"en","value":"Ensure all TLS certificates used in the deployment include Subject Alternative Name (SAN) extensions with the appropriate DNS entries. Certificates relying solely on the CommonName (CN) field for hostname identification are susceptible to this bypass. For Erlang applications, the verify_fun option in the ssl module can be configured to reject peer certificates missing the subjectAltName extension."}],"x_adpType":"supplier","x_generator":{"engine":"sadp-cli 1.0.0"},"providerMetadata":{"orgId":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","shortName":"redhat-SADP","dateUpdated":"2026-06-30T12:08:38.311Z"}}]}}