CVE-2026-42790 (GCVE-0-2026-42790)

Vulnerability from cvelistv5 – Published: 2026-05-27 15:09 – Updated: 2026-07-01 04:45
VLAI?
Title
nameConstraints DNS bypass via subject CommonName fallback in public_key hostname verification
Summary
Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_cert and public_key modules) allows a DNS nameConstraints bypass via subject CommonName fallback in TLS hostname verification. Two flaws combine to allow a subordinate CA whose DNS nameConstraints are restricted (e.g. permitted;DNS:allowed.example.com) to issue a leaf certificate that an OTP TLS client accepts as a valid identity for an out-of-scope hostname (e.g. victim.example.com): First, pubkey_cert:validate_names/6 in lib/public_key/src/pubkey_cert.erl only checks SAN DNS entries against nameConstraints. Per RFC 5280, a permitted DNS subtree only restricts certificates that contain a DNS-typed name. A leaf with no subjectAltName therefore trivially satisfies any permitted;DNS:... constraint regardless of its subject commonName. Second, public_key:pkix_verify_hostname/3 in lib/public_key/src/public_key.erl falls back to the subject commonName when no subjectAltName is present, extracting id-at-commonName attributes as presented IDs and matching them against the reference hostname. The strict pkix_verify_hostname_match_fun(https) matcher does not suppress this fallback. The result is that path validation accepts a CN-only leaf under a DNS-constrained intermediate (no SAN means the nameConstraints are not triggered), and hostname verification then accepts it via the CN fallback. The bypass is reachable from stock ssl:connect with verify_peer, a trusted CA, SNI, and the canonical strict https hostname matcher. This issue affects OTP from OTP 19.3 before OTP 26.2.5.21, 27.3.4.12, 28.5.0.1, and 29.0.1 corresponding to public_key from 1.4 before 1.15.1.7, 1.17.1.3, 1.20.3.1, and 1.21.1.
CWE
  • CWE-295 - Improper Certificate Validation
  • CWE-297 - Improper Validation of Certificate with Host Mismatch
Assigner
EEF
Impacted products
Vendor Product Version
Erlang OTP Affected: 1.4 , < * (otp)
    cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
Create a notification for this product.
    Erlang OTP Affected: 19.3 , < * (otp)
Affected: b0c245e8132bb13171e277b1af59c0cec00c9459 , < * (git)
    cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
John Downey Ingela Anderton Andin Dan Gudmundsson Jakub Witczak
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-42790",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-27T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-28T03:55:49.233Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:/a:redhat:openstack:16.2"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenStack Platform 16.2",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openstack:17.1"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenStack Platform 17.1",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openstack:18.0"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenStack Platform 18.0",
            "vendor": "Red Hat"
          }
        ],
        "datePublic": "2026-05-27T15:09:01.860Z",
        "descriptions": [
          {
            "lang": "en",
            "value": "A flaw was found in Erlang OTP public_key. This improper certificate validation vulnerability allows a subordinate Certificate Authority (CA) with restricted DNS nameConstraints to bypass these restrictions. By issuing a leaf certificate that lacks a Subject Alternative Name (SAN) but contains a crafted CommonName (CN), an attacker can trick an Erlang OTP TLS client into accepting it as valid for an out-of-scope hostname. This can lead to hostname spoofing and potential man-in-the-middle attacks, compromising the integrity and confidentiality of communications."
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "namespace": "https://access.redhat.com/security/updates/classification/",
                "value": "Important"
              },
              "type": "Red Hat severity rating"
            }
          },
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 7.4,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
              "version": "3.1"
            },
            "format": "CVSS"
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-295",
                "description": "Improper Certificate Validation",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-30T12:08:38.311Z",
          "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
          "shortName": "redhat-SADP"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2026-42790"
          },
          {
            "name": "RHBZ#2482286",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482286"
          },
          {
            "tags": [
              "x_sadp-csaf-vex"
            ],
            "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42790.json"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2026-05-27T17:02:53.354Z",
            "value": "Reported to Red Hat."
          },
          {
            "lang": "en",
            "time": "2026-05-27T15:09:01.860Z",
            "value": "Made public."
          }
        ],
        "title": "erlang: Erlang OTP public_key: Certificate validation bypass allows hostname spoofing",
        "workarounds": [
          {
            "lang": "en",
            "value": "Ensure all TLS certificates used in the deployment include Subject Alternative Name (SAN) extensions with the appropriate DNS entries. Certificates relying solely on the CommonName (CN) field for hostname identification are susceptible to this bypass. For Erlang applications, the verify_fun option in the ssl module can be configured to reject peer certificates missing the subjectAltName extension."
          }
        ],
        "x_adpType": "supplier",
        "x_generator": {
          "engine": "sadp-cli 1.0.0"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unknown",
          "modules": [
            "pubkey_cert",
            "public_key"
          ],
          "packageName": "public_key",
          "packageURL": "pkg:otp/public_key?repository_url=https:%2F%2Fgithub.com%2Ferlang%2Fotp\u0026vcs_url=git%20https:%2F%2Fgithub.com%2Ferlang%2Fotp.git",
          "product": "OTP",
          "programFiles": [
            "src/pubkey_cert.erl",
            "src/public_key.erl"
          ],
          "programRoutines": [
            {
              "name": "pubkey_cert:validate_names/6"
            },
            {
              "name": "public_key:pkix_verify_hostname/3"
            }
          ],
          "repo": "https://github.com/erlang/otp",
          "vendor": "Erlang",
          "versions": [
            {
              "changes": [
                {
                  "at": "1.15.1.7",
                  "status": "unaffected"
                },
                {
                  "at": "1.17.1.3",
                  "status": "unaffected"
                },
                {
                  "at": "1.20.3.1",
                  "status": "unaffected"
                },
                {
                  "at": "1.21.1",
                  "status": "unaffected"
                }
              ],
              "lessThan": "*",
              "status": "affected",
              "version": "1.4",
              "versionType": "otp"
            }
          ]
        },
        {
          "collectionURL": "https://github.com",
          "cpes": [
            "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unknown",
          "modules": [
            "pubkey_cert",
            "public_key"
          ],
          "packageName": "erlang/otp",
          "packageURL": "pkg:github/erlang/otp",
          "product": "OTP",
          "programFiles": [
            "lib/public_key/src/pubkey_cert.erl",
            "lib/public_key/src/public_key.erl"
          ],
          "programRoutines": [
            {
              "name": "pubkey_cert:validate_names/6"
            },
            {
              "name": "public_key:pkix_verify_hostname/3"
            }
          ],
          "repo": "https://github.com/erlang/otp",
          "vendor": "Erlang",
          "versions": [
            {
              "changes": [
                {
                  "at": "26.2.5.21",
                  "status": "unaffected"
                },
                {
                  "at": "27.3.4.12",
                  "status": "unaffected"
                },
                {
                  "at": "28.5.0.1",
                  "status": "unaffected"
                },
                {
                  "at": "29.0.1",
                  "status": "unaffected"
                }
              ],
              "lessThan": "*",
              "status": "affected",
              "version": "19.3",
              "versionType": "otp"
            },
            {
              "changes": [
                {
                  "at": "0769050c69d73762672b0db1347b6993a5b31759",
                  "status": "unaffected"
                },
                {
                  "at": "fb67c6d1836f51105a96d8b769e71e4215a79457",
                  "status": "unaffected"
                },
                {
                  "at": "21abed64eb2026b5f82f432709e4e932f9be389a",
                  "status": "unaffected"
                }
              ],
              "lessThan": "*",
              "status": "affected",
              "version": "b0c245e8132bb13171e277b1af59c0cec00c9459",
              "versionType": "git"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "26.2.5.21",
                  "versionStartIncluding": "19.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "27.3.4.12",
                  "versionStartIncluding": "27.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "28.5.0.1",
                  "versionStartIncluding": "28.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "29.0.1",
                  "versionStartIncluding": "29.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "AND"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "John Downey"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Ingela Anderton Andin"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "Dan Gudmundsson"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "Jakub Witczak"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper Certificate Validation vulnerability in Erlang OTP \u003ctt\u003epublic_key\u003c/tt\u003e (\u003ctt\u003epubkey_cert\u003c/tt\u003e and \u003ctt\u003epublic_key\u003c/tt\u003e modules) allows a DNS \u003ctt\u003enameConstraints\u003c/tt\u003e bypass via subject CommonName fallback in TLS hostname verification.\u003cp\u003eTwo flaws combine to allow a subordinate CA whose DNS \u003ctt\u003enameConstraints\u003c/tt\u003e are restricted (e.g. \u003ctt\u003epermitted;DNS:allowed.example.com\u003c/tt\u003e) to issue a leaf certificate that an OTP TLS client accepts as a valid identity for an out-of-scope hostname (e.g. \u003ctt\u003evictim.example.com\u003c/tt\u003e):\u003c/p\u003e\u003cp\u003eFirst, \u003ctt\u003epubkey_cert:validate_names/6\u003c/tt\u003e in \u003ctt\u003elib/public_key/src/pubkey_cert.erl\u003c/tt\u003e only checks SAN DNS entries against \u003ctt\u003enameConstraints\u003c/tt\u003e. Per RFC 5280, a permitted DNS subtree only restricts certificates that contain a DNS-typed name. A leaf with no \u003ctt\u003esubjectAltName\u003c/tt\u003e therefore trivially satisfies any \u003ctt\u003epermitted;DNS:...\u003c/tt\u003e constraint regardless of its subject \u003ctt\u003ecommonName\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eSecond, \u003ctt\u003epublic_key:pkix_verify_hostname/3\u003c/tt\u003e in \u003ctt\u003elib/public_key/src/public_key.erl\u003c/tt\u003e falls back to the subject \u003ctt\u003ecommonName\u003c/tt\u003e when no \u003ctt\u003esubjectAltName\u003c/tt\u003e is present, extracting \u003ctt\u003eid-at-commonName\u003c/tt\u003e attributes as presented IDs and matching them against the reference hostname. The strict \u003ctt\u003epkix_verify_hostname_match_fun(https)\u003c/tt\u003e matcher does not suppress this fallback.\u003c/p\u003e\u003cp\u003eThe result is that path validation accepts a CN-only leaf under a DNS-constrained intermediate (no SAN means the \u003ctt\u003enameConstraints\u003c/tt\u003e are not triggered), and hostname verification then accepts it via the CN fallback. The bypass is reachable from stock \u003ctt\u003essl:connect\u003c/tt\u003e with \u003ctt\u003everify_peer\u003c/tt\u003e, a trusted CA, SNI, and the canonical strict \u003ctt\u003ehttps\u003c/tt\u003e hostname matcher.\u003c/p\u003e\u003cp\u003eThis issue affects OTP from OTP 19.3 before OTP 26.2.5.21, 27.3.4.12, 28.5.0.1, and 29.0.1 corresponding to \u003ctt\u003epublic_key\u003c/tt\u003e from 1.4 before 1.15.1.7, 1.17.1.3, 1.20.3.1, and 1.21.1.\u003c/p\u003e"
            }
          ],
          "value": "Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_cert and public_key modules) allows a DNS nameConstraints bypass via subject CommonName fallback in TLS hostname verification.\n\nTwo flaws combine to allow a subordinate CA whose DNS nameConstraints are restricted (e.g. permitted;DNS:allowed.example.com) to issue a leaf certificate that an OTP TLS client accepts as a valid identity for an out-of-scope hostname (e.g. victim.example.com):\n\nFirst, pubkey_cert:validate_names/6 in lib/public_key/src/pubkey_cert.erl only checks SAN DNS entries against nameConstraints. Per RFC 5280, a permitted DNS subtree only restricts certificates that contain a DNS-typed name. A leaf with no subjectAltName therefore trivially satisfies any permitted;DNS:... constraint regardless of its subject commonName.\n\nSecond, public_key:pkix_verify_hostname/3 in lib/public_key/src/public_key.erl falls back to the subject commonName when no subjectAltName is present, extracting id-at-commonName attributes as presented IDs and matching them against the reference hostname. The strict pkix_verify_hostname_match_fun(https) matcher does not suppress this fallback.\n\nThe result is that path validation accepts a CN-only leaf under a DNS-constrained intermediate (no SAN means the nameConstraints are not triggered), and hostname verification then accepts it via the CN fallback. The bypass is reachable from stock ssl:connect with verify_peer, a trusted CA, SNI, and the canonical strict https hostname matcher.\n\nThis issue affects OTP from OTP 19.3 before OTP 26.2.5.21, 27.3.4.12, 28.5.0.1, and 29.0.1 corresponding to public_key from 1.4 before 1.15.1.7, 1.17.1.3, 1.20.3.1, and 1.21.1."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-475",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-475 Signature Spoofing by Improper Validation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "HIGH",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "PASSIVE",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-295",
              "description": "CWE-295 Improper Certificate Validation",
              "lang": "en",
              "type": "CWE"
            },
            {
              "cweId": "CWE-297",
              "description": "CWE-297 Improper Validation of Certificate with Host Mismatch",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-01T04:45:27.626Z",
        "orgId": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db",
        "shortName": "EEF"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "related"
          ],
          "url": "https://github.com/erlang/otp/security/advisories/GHSA-22cw-4ph4-6447"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://cna.erlef.org/cves/CVE-2026-42790.html"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://osv.dev/vulnerability/EEF-CVE-2026-42790"
        },
        {
          "tags": [
            "x_version-scheme"
          ],
          "url": "https://www.erlang.org/doc/system/versions.html#order-of-versions"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/erlang/otp/commit/0769050c69d73762672b0db1347b6993a5b31759"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/erlang/otp/commit/fb67c6d1836f51105a96d8b769e71e4215a79457"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/erlang/otp/commit/21abed64eb2026b5f82f432709e4e932f9be389a"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "nameConstraints DNS bypass via subject CommonName fallback in public_key hostname verification",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The \u003ctt\u003everify_fun\u003c/tt\u003e option in the \u003ctt\u003essl\u003c/tt\u003e application can be used to ensure that TLS connections fail if the end-entity certificate is missing the \u003ctt\u003esubjectAltName\u003c/tt\u003e extension or has no domain name. Do not use a \u003ctt\u003everify_fun\u003c/tt\u003e that accepts the \u003ctt\u003ename_not_permitted\u003c/tt\u003e error."
            }
          ],
          "value": "The verify_fun option in the ssl application can be used to ensure that TLS connections fail if the end-entity certificate is missing the subjectAltName extension or has no domain name. Do not use a verify_fun that accepts the name_not_permitted error."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db",
    "assignerShortName": "EEF",
    "cveId": "CVE-2026-42790",
    "datePublished": "2026-05-27T15:09:01.860Z",
    "dateReserved": "2026-04-29T18:06:33.251Z",
    "dateUpdated": "2026-07-01T04:45:27.626Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"erlang: Erlang OTP public_key: Certificate validation bypass allows hostname spoofing\", \"metrics\": [{\"other\": {\"type\": \"Red Hat severity rating\", \"content\": {\"value\": \"Important\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.4, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"cpes\": [\"cpe:/a:redhat:openstack:16.2\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenStack Platform 16.2\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openstack:17.1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenStack Platform 17.1\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openstack:18.0\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenStack Platform 18.0\", \"defaultStatus\": \"affected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2026-05-27T17:02:53.354Z\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2026-05-27T15:09:01.860Z\", \"value\": \"Made public.\"}], \"x_adpType\": \"supplier\", \"datePublic\": \"2026-05-27T15:09:01.860Z\", \"references\": [{\"url\": \"https://access.redhat.com/security/cve/CVE-2026-42790\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2482286\", \"name\": \"RHBZ#2482286\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42790.json\", \"tags\": [\"x_sadp-csaf-vex\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Ensure all TLS certificates used in the deployment include Subject Alternative Name (SAN) extensions with the appropriate DNS entries. Certificates relying solely on the CommonName (CN) field for hostname identification are susceptible to this bypass. For Erlang applications, the verify_fun option in the ssl module can be configured to reject peer certificates missing the subjectAltName extension.\"}], \"x_generator\": {\"engine\": \"sadp-cli 1.0.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A flaw was found in Erlang OTP public_key. This improper certificate validation vulnerability allows a subordinate Certificate Authority (CA) with restricted DNS nameConstraints to bypass these restrictions. By issuing a leaf certificate that lacks a Subject Alternative Name (SAN) but contains a crafted CommonName (CN), an attacker can trick an Erlang OTP TLS client into accepting it as valid for an out-of-scope hostname. This can lead to hostname spoofing and potential man-in-the-middle attacks, compromising the integrity and confidentiality of communications.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-295\", \"description\": \"Improper Certificate Validation\"}]}], \"providerMetadata\": {\"orgId\": \"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\", \"shortName\": \"redhat-SADP\", \"dateUpdated\": \"2026-06-30T12:08:38.311Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-42790\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-27T17:31:50.271881Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-05-27T17:31:58.755Z\"}}], \"cna\": {\"title\": \"nameConstraints DNS bypass via subject CommonName fallback in public_key hostname verification\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"John Downey\"}, {\"lang\": \"en\", \"type\": \"remediation developer\", \"value\": \"Ingela Anderton Andin\"}, {\"lang\": \"en\", \"type\": \"remediation reviewer\", \"value\": \"Dan Gudmundsson\"}, {\"lang\": \"en\", \"type\": \"remediation reviewer\", \"value\": \"Jakub Witczak\"}], \"impacts\": [{\"capecId\": \"CAPEC-475\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-475 Signature Spoofing by Improper Validation\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 7.6, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N\", \"userInteraction\": \"PASSIVE\", \"attackComplexity\": \"HIGH\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:erlang:erlang\\\\/otp:*:*:*:*:*:*:*:*\"], \"repo\": \"https://github.com/erlang/otp\", \"vendor\": \"Erlang\", \"modules\": [\"pubkey_cert\", \"public_key\"], \"product\": \"OTP\", \"versions\": [{\"status\": \"affected\", \"changes\": [{\"at\": \"1.15.1.7\", \"status\": \"unaffected\"}, {\"at\": \"1.17.1.3\", \"status\": \"unaffected\"}, {\"at\": \"1.20.3.1\", \"status\": \"unaffected\"}, {\"at\": \"1.21.1\", \"status\": \"unaffected\"}], \"version\": \"1.4\", \"lessThan\": \"*\", \"versionType\": \"otp\"}], \"packageURL\": \"pkg:otp/public_key?repository_url=https:%2F%2Fgithub.com%2Ferlang%2Fotp\u0026vcs_url=git%20https:%2F%2Fgithub.com%2Ferlang%2Fotp.git\", \"packageName\": \"public_key\", \"programFiles\": [\"src/pubkey_cert.erl\", \"src/public_key.erl\"], \"defaultStatus\": \"unknown\", \"programRoutines\": [{\"name\": \"pubkey_cert:validate_names/6\"}, {\"name\": \"public_key:pkix_verify_hostname/3\"}]}, {\"cpes\": [\"cpe:2.3:a:erlang:erlang\\\\/otp:*:*:*:*:*:*:*:*\"], \"repo\": \"https://github.com/erlang/otp\", \"vendor\": \"Erlang\", \"modules\": [\"pubkey_cert\", \"public_key\"], \"product\": \"OTP\", \"versions\": [{\"status\": \"affected\", \"changes\": [{\"at\": \"26.2.5.21\", \"status\": \"unaffected\"}, {\"at\": \"27.3.4.12\", \"status\": \"unaffected\"}, {\"at\": \"28.5.0.1\", \"status\": \"unaffected\"}, {\"at\": \"29.0.1\", \"status\": \"unaffected\"}], \"version\": \"19.3\", \"lessThan\": \"*\", \"versionType\": \"otp\"}, {\"status\": \"affected\", \"changes\": [{\"at\": \"0769050c69d73762672b0db1347b6993a5b31759\", \"status\": \"unaffected\"}, {\"at\": \"fb67c6d1836f51105a96d8b769e71e4215a79457\", \"status\": \"unaffected\"}, {\"at\": \"21abed64eb2026b5f82f432709e4e932f9be389a\", \"status\": \"unaffected\"}], \"version\": \"b0c245e8132bb13171e277b1af59c0cec00c9459\", \"lessThan\": \"*\", \"versionType\": \"git\"}], \"packageURL\": \"pkg:github/erlang/otp\", \"packageName\": \"erlang/otp\", \"programFiles\": [\"lib/public_key/src/pubkey_cert.erl\", \"lib/public_key/src/public_key.erl\"], \"collectionURL\": \"https://github.com\", \"defaultStatus\": \"unknown\", \"programRoutines\": [{\"name\": \"pubkey_cert:validate_names/6\"}, {\"name\": \"public_key:pkix_verify_hostname/3\"}]}], \"references\": [{\"url\": \"https://github.com/erlang/otp/security/advisories/GHSA-22cw-4ph4-6447\", \"tags\": [\"vendor-advisory\", \"related\"]}, {\"url\": \"https://cna.erlef.org/cves/CVE-2026-42790.html\", \"tags\": [\"related\"]}, {\"url\": \"https://osv.dev/vulnerability/EEF-CVE-2026-42790\", \"tags\": [\"related\"]}, {\"url\": \"https://www.erlang.org/doc/system/versions.html#order-of-versions\", \"tags\": [\"x_version-scheme\"]}, {\"url\": \"https://github.com/erlang/otp/commit/0769050c69d73762672b0db1347b6993a5b31759\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/erlang/otp/commit/fb67c6d1836f51105a96d8b769e71e4215a79457\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/erlang/otp/commit/21abed64eb2026b5f82f432709e4e932f9be389a\", \"tags\": [\"patch\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"The verify_fun option in the ssl application can be used to ensure that TLS connections fail if the end-entity certificate is missing the subjectAltName extension or has no domain name. Do not use a verify_fun that accepts the name_not_permitted error.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"The \u003ctt\u003everify_fun\u003c/tt\u003e option in the \u003ctt\u003essl\u003c/tt\u003e application can be used to ensure that TLS connections fail if the end-entity certificate is missing the \u003ctt\u003esubjectAltName\u003c/tt\u003e extension or has no domain name. Do not use a \u003ctt\u003everify_fun\u003c/tt\u003e that accepts the \u003ctt\u003ename_not_permitted\u003c/tt\u003e error.\", \"base64\": false}]}], \"x_generator\": {\"engine\": \"cvelib 1.8.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_cert and public_key modules) allows a DNS nameConstraints bypass via subject CommonName fallback in TLS hostname verification.\\n\\nTwo flaws combine to allow a subordinate CA whose DNS nameConstraints are restricted (e.g. permitted;DNS:allowed.example.com) to issue a leaf certificate that an OTP TLS client accepts as a valid identity for an out-of-scope hostname (e.g. victim.example.com):\\n\\nFirst, pubkey_cert:validate_names/6 in lib/public_key/src/pubkey_cert.erl only checks SAN DNS entries against nameConstraints. Per RFC 5280, a permitted DNS subtree only restricts certificates that contain a DNS-typed name. A leaf with no subjectAltName therefore trivially satisfies any permitted;DNS:... constraint regardless of its subject commonName.\\n\\nSecond, public_key:pkix_verify_hostname/3 in lib/public_key/src/public_key.erl falls back to the subject commonName when no subjectAltName is present, extracting id-at-commonName attributes as presented IDs and matching them against the reference hostname. The strict pkix_verify_hostname_match_fun(https) matcher does not suppress this fallback.\\n\\nThe result is that path validation accepts a CN-only leaf under a DNS-constrained intermediate (no SAN means the nameConstraints are not triggered), and hostname verification then accepts it via the CN fallback. The bypass is reachable from stock ssl:connect with verify_peer, a trusted CA, SNI, and the canonical strict https hostname matcher.\\n\\nThis issue affects OTP from OTP 19.3 before OTP 26.2.5.21, 27.3.4.12, 28.5.0.1, and 29.0.1 corresponding to public_key from 1.4 before 1.15.1.7, 1.17.1.3, 1.20.3.1, and 1.21.1.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Improper Certificate Validation vulnerability in Erlang OTP \u003ctt\u003epublic_key\u003c/tt\u003e (\u003ctt\u003epubkey_cert\u003c/tt\u003e and \u003ctt\u003epublic_key\u003c/tt\u003e modules) allows a DNS \u003ctt\u003enameConstraints\u003c/tt\u003e bypass via subject CommonName fallback in TLS hostname verification.\u003cp\u003eTwo flaws combine to allow a subordinate CA whose DNS \u003ctt\u003enameConstraints\u003c/tt\u003e are restricted (e.g. \u003ctt\u003epermitted;DNS:allowed.example.com\u003c/tt\u003e) to issue a leaf certificate that an OTP TLS client accepts as a valid identity for an out-of-scope hostname (e.g. \u003ctt\u003evictim.example.com\u003c/tt\u003e):\u003c/p\u003e\u003cp\u003eFirst, \u003ctt\u003epubkey_cert:validate_names/6\u003c/tt\u003e in \u003ctt\u003elib/public_key/src/pubkey_cert.erl\u003c/tt\u003e only checks SAN DNS entries against \u003ctt\u003enameConstraints\u003c/tt\u003e. Per RFC 5280, a permitted DNS subtree only restricts certificates that contain a DNS-typed name. A leaf with no \u003ctt\u003esubjectAltName\u003c/tt\u003e therefore trivially satisfies any \u003ctt\u003epermitted;DNS:...\u003c/tt\u003e constraint regardless of its subject \u003ctt\u003ecommonName\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eSecond, \u003ctt\u003epublic_key:pkix_verify_hostname/3\u003c/tt\u003e in \u003ctt\u003elib/public_key/src/public_key.erl\u003c/tt\u003e falls back to the subject \u003ctt\u003ecommonName\u003c/tt\u003e when no \u003ctt\u003esubjectAltName\u003c/tt\u003e is present, extracting \u003ctt\u003eid-at-commonName\u003c/tt\u003e attributes as presented IDs and matching them against the reference hostname. The strict \u003ctt\u003epkix_verify_hostname_match_fun(https)\u003c/tt\u003e matcher does not suppress this fallback.\u003c/p\u003e\u003cp\u003eThe result is that path validation accepts a CN-only leaf under a DNS-constrained intermediate (no SAN means the \u003ctt\u003enameConstraints\u003c/tt\u003e are not triggered), and hostname verification then accepts it via the CN fallback. The bypass is reachable from stock \u003ctt\u003essl:connect\u003c/tt\u003e with \u003ctt\u003everify_peer\u003c/tt\u003e, a trusted CA, SNI, and the canonical strict \u003ctt\u003ehttps\u003c/tt\u003e hostname matcher.\u003c/p\u003e\u003cp\u003eThis issue affects OTP from OTP 19.3 before OTP 26.2.5.21, 27.3.4.12, 28.5.0.1, and 29.0.1 corresponding to \u003ctt\u003epublic_key\u003c/tt\u003e from 1.4 before 1.15.1.7, 1.17.1.3, 1.20.3.1, and 1.21.1.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-295\", \"description\": \"CWE-295 Improper Certificate Validation\"}, {\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-297\", \"description\": \"CWE-297 Improper Validation of Certificate with Host Mismatch\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:erlang:erlang\\\\/otp:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"26.2.5.21\", \"versionStartIncluding\": \"19.3\"}, {\"criteria\": \"cpe:2.3:a:erlang:erlang\\\\/otp:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"27.3.4.12\", \"versionStartIncluding\": \"27.0\"}, {\"criteria\": \"cpe:2.3:a:erlang:erlang\\\\/otp:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"28.5.0.1\", \"versionStartIncluding\": \"28.0\"}, {\"criteria\": \"cpe:2.3:a:erlang:erlang\\\\/otp:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"29.0.1\", \"versionStartIncluding\": \"29.0\"}], \"operator\": \"OR\"}], \"operator\": \"AND\"}], \"providerMetadata\": {\"orgId\": \"6b3ad84c-e1a6-4bf7-a703-f496b71e49db\", \"shortName\": \"EEF\", \"dateUpdated\": \"2026-07-01T04:45:27.626Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-42790\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-07-01T04:45:27.626Z\", \"dateReserved\": \"2026-04-29T18:06:33.251Z\", \"assignerOrgId\": \"6b3ad84c-e1a6-4bf7-a703-f496b71e49db\", \"datePublished\": \"2026-05-27T15:09:01.860Z\", \"assignerShortName\": \"EEF\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…