Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_ocsp module) allows OCSP designated-responder authorization bypass via missing signature verification. The OCSP response validation in public_key:pkix_ocsp_validate/5 does not verify that a CA-designated responder certificate was cryptographically signed by the issuing CA. Instead, it only checks that the responder certificate's issuer name matches the CA's subject name and that the certificate has the OCSPSigning extended key usage. An attacker who can intercept or control OCSP responses can create a self-signed certificate with a matching issuer name and the OCSPSigning EKU, and use it to forge OCSP responses that mark revoked certificates as valid. This affects SSL/TLS clients using OCSP stapling, which may accept connections to servers with revoked certificates, potentially transmitting sensitive data to compromised servers. Applications using the public_key:pkix_ocsp_validate/5 API directly are also affected, with impact depending on usage context. This vulnerability is associated with program files lib/public_key/src/pubkey_ocsp.erl and program routines pubkey_ocsp:is_authorized_responder/3. This issue affects OTP from OTP 27.0 until OTP 28.4.2 and 27.3.4.10 corresponding to public_key from 1.16 until 1.20.3 and 1.17.1.2, and ssl from 11.2 until 11.5.4 and 11.2.12.7.

An update of the erlang package has been released.

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20607-1 advisory.

    Security issues fixed:

    - CVE-2026-21620: improper isolation and compartmentalization can lead to TFTP relative path traversal and     remote       arbitrary reads/writes (bsc#1258663).
    - CVE-2026-23941: improper handling of duplicate Content-Length headers in Erlang OTP can lead to HTTP     request       smuggling (bsc#1259687).
    - CVE-2026-23942: improper limitation of a pathname to a restricted directory in the SFTP server can lead     to path       traversal (bsc#1259681).
    - CVE-2026-23943: improper handling of highly compressed data in Erlang OTP ssh can lead to denial of     service       (bsc#1259682).
    - CVE-2026-28808: incorrect authorization can lead to unauthenticated access to protected CGI scripts     (bsc#1261728).
    - CVE-2026-28810: predictable DNS transaction IDs can lead to DNS cache poisoning (bsc#1261726).
    - CVE-2026-32144: missing signature verification can lead to OCSP authorization bypass and information     disclosure       (bsc#1261734).

    Other updates and bugfixes:

    - jinterface: allow to build determenistic OtpErlang.jar (bsc#1262288).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Erlang/OTP installed on the remote host is 27.x prior to 27.3.4.10 or 28.x prior to 28.4.2. It is, therefore, affected by a certificate validation bypass vulnerability:

  - Improper certificate validation in the public_key application's OCSP response validation allows an attacker who     can intercept or control OCSP responses to forge responses that mark revoked certificates as valid. The OCSP     response validation does not verify that a CA-designated responder certificate was cryptographically signed by     the issuing CA, only checking the responder certificate's issuer name and OCSPSigning extended key usage.
    (CVE-2026-32144)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_ocsp module) allows OCSP     designated-responder authorization bypass via missing signature verification. The OCSP response validation     in public_key:pkix_ocsp_validate/5 does not verify that a CA-designated responder certificate was     cryptographically signed by the issuing CA. Instead, it only checks that the responder certificate's     issuer name matches the CA's subject name and that the certificate has the OCSPSigning extended key usage.
    An attacker who can intercept or control OCSP responses can create a self-signed certificate with a     matching issuer name and the OCSPSigning EKU, and use it to forge OCSP responses that mark revoked     certificates as valid. This affects SSL/TLS clients using OCSP stapling, which may accept connections to     servers with revoked certificates, potentially transmitting sensitive data to compromised servers.
    Applications using the public_key:pkix_ocsp_validate/5 API directly are also affected, with impact     depending on usage context. This vulnerability is associated with program files     lib/public_key/src/pubkey_ocsp.erl and program routines pubkey_ocsp:is_authorized_responder/3. This issue     affects OTP from OTP 27.0 until OTP 28.4.2 and 27.3.4.10 corresponding to public_key from 1.16 until     1.20.3 and 1.17.1.2, and ssl from 11.2 until 11.5.4 and 11.2.12.7. (CVE-2026-32144)

Note that Nessus relies on the presence of the package as reported by the vendor.

ID	Name	Product	Family	Severity
312353	Photon OS 5.0: Erlang PHSA-2026-5.0-0831	Nessus	PhotonOS Local Security Checks	high
312351	Photon OS 4.0: Erlang PHSA-2026-4.0-1005	Nessus	PhotonOS Local Security Checks	high
310082	openSUSE 16 Security Update : erlang (openSUSE-SU-2026:20607-1)	Nessus	SuSE Local Security Checks	high
305687	Erlang/OTP 27.x < 27.3.4.10 / 28.x < 28.4.2 OCSP Certificate Validation Bypass (CVE-2026-32144)	Nessus	Misc.	high
305609	Linux Distros Unpatched Vulnerability : CVE-2026-32144	Nessus	Misc.	high

Detections

Analytics

CVE-2026-32144

high

Tenable Plugins

high

high

high

high

high