Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Erlang OTP (inets httpd module) allows HTTP Request Smuggling. This vulnerability is associated with program files lib/inets/src/http_server/httpd_request.erl and program routines httpd_request:parse_headers/7. The server does not reject or normalize duplicate Content-Length headers. The earliest Content-Length in the request is used for body parsing while common reverse proxies (nginx, Apache httpd, Envoy) honor the last Content-Length value. This violates RFC 9112 Section 6.3 and allows front-end/back-end desynchronization, leaving attacker-controlled bytes queued as the start of the next request. This issue affects OTP from OTP 17.0 until OTP 28.4.1, OTP 27.3.4.9 and OTP 26.2.5.18, corresponding to inets from 5.10 until 9.6.1, 9.3.2.3 and 9.1.0.5.

The version of the Tenable Identity Exposure running on the remote host is prior to 3.77.17. It is, therefore, affected by multiple vulnerabilities according to advisory TNS-2026-11:

  - A flaw in Node.js's Permissions model allows attackers to bypass `--allow-fs-read` and `--allow-fs-write`     restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted     access only to the current directory can escape the allowed path and read sensitive files. This breaks the     expected isolation guarantees and enables arbitrary file read/write, leading to potential system compromise.
    This vulnerability affects users of the permission model on Node.js v20, v22, v24, and v25. (CVE-2025-55130)

  - Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.
    (CVE-2026-21262)

  - Improper validation of specified type of input in SQL Server allows an authorized attacker to elevate     privileges over a network. (CVE-2026-26115)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20607-1 advisory.

    Security issues fixed:

    - CVE-2026-21620: improper isolation and compartmentalization can lead to TFTP relative path traversal and     remote       arbitrary reads/writes (bsc#1258663).
    - CVE-2026-23941: improper handling of duplicate Content-Length headers in Erlang OTP can lead to HTTP     request       smuggling (bsc#1259687).
    - CVE-2026-23942: improper limitation of a pathname to a restricted directory in the SFTP server can lead     to path       traversal (bsc#1259681).
    - CVE-2026-23943: improper handling of highly compressed data in Erlang OTP ssh can lead to denial of     service       (bsc#1259682).
    - CVE-2026-28808: incorrect authorization can lead to unauthenticated access to protected CGI scripts     (bsc#1261728).
    - CVE-2026-28810: predictable DNS transaction IDs can lead to DNS cache poisoning (bsc#1261726).
    - CVE-2026-32144: missing signature verification can lead to OCSP authorization bypass and information     disclosure       (bsc#1261734).

    Other updates and bugfixes:

    - jinterface: allow to build determenistic OtpErlang.jar (bsc#1262288).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of the Tenable Identity Exposure running on the remote host is prior to 3.77.17. It is, therefore, affected by multiple vulnerabilities according to advisory TNS-2026-11:

  - A flaw in Node.js's Permissions model allows attackers to bypass --allow-fs-read and --allow-fs-write     restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script     granted access only to the current directory can escape the allowed path and read sensitive files. This     breaks the expected isolation guarantees and enables arbitrary file read/write, leading to potential     system compromise. (CVE-2025-55130)

  - Improper validation of specified type of input in SQL Server allows an authorized attacker to elevate     privileges over a network. (CVE-2026-26115)

  - Improper access control in Curl allows an authorized attacker to elevate privileges over a network.
    (CVE-2026-21262)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Erlang OTP (inets     httpd module) allows HTTP Request Smuggling. This vulnerability is associated with program files     lib/inets/src/http_server/httpd_request.erl and program routines httpd_request:parse_headers/7. The server     does not reject or normalize duplicate Content-Length headers. The earliest Content-Length in the request     is used for body parsing while common reverse proxies (nginx, Apache httpd, Envoy) honor the last Content-     Length value. This violates RFC 9112 Section 6.3 and allows front-end/back-end desynchronization, leaving     attacker-controlled bytes queued as the start of the next request. This issue affects OTP from OTP 17.0     until OTP 28.4.1, OTP 27.3.4.9 and OTP 26.2.5.18, corresponding to inets from 5.10 until 9.6.1, 9.3.2.3     and 9.1.0.5. (CVE-2026-23941)

Note that Nessus relies on the presence of the package as reported by the vendor.

ID	Name	Product	Family	Severity
310403	Tenable Identity Exposure < 3.77.17 Multiple Vulnerabilities (TNS-2026-11)	Nessus	Misc.	high
310082	openSUSE 16 Security Update : erlang (openSUSE-SU-2026:20607-1)	Nessus	SuSE Local Security Checks	high
307436	Tenable Identity Exposure < 3.77.17 Multiple Vulnerabilities (TNS-2026-11)	Nessus	Misc.	high
302363	Linux Distros Unpatched Vulnerability : CVE-2026-23941	Nessus	Misc.	high

Detections

Analytics

CVE-2026-23941

high

Tenable Plugins

high

high

high

high