Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_cert and public_key modules) allows a DNS nameConstraints bypass via subject CommonName fallback in TLS hostname verification. Two flaws combine to allow a subordinate CA whose DNS nameConstraints are restricted (e.g. permitted;DNS:allowed.example.com) to issue a leaf certificate that an OTP TLS client accepts as a valid identity for an out-of-scope hostname (e.g. victim.example.com): First, pubkey_cert:validate_names/6 in lib/public_key/src/pubkey_cert.erl only checks SAN DNS entries against nameConstraints. Per RFC 5280, a permitted DNS subtree only restricts certificates that contain a DNS-typed name. A leaf with no subjectAltName therefore trivially satisfies any permitted;DNS:... constraint regardless of its subject commonName. Second, public_key:pkix_verify_hostname/3 in lib/public_key/src/public_key.erl falls back to the subject commonName when no subjectAltName is present, extracting id-at-commonName attributes as presented IDs and matching them against the reference hostname. The strict pkix_verify_hostname_match_fun(https) matcher does not suppress this fallback. The result is that path validation accepts a CN-only leaf under a DNS-constrained intermediate (no SAN means the nameConstraints are not triggered), and hostname verification then accepts it via the CN fallback. The bypass is reachable from stock ssl:connect with verify_peer, a trusted CA, SNI, and the canonical strict https hostname matcher. This issue affects OTP from OTP 19.3 before OTP 26.2.5.21, 27.3.4.12, 28.5.0.1, and 29.0.1 corresponding to public_key from 1.4 before 1.15.1.7, 1.17.1.3, 1.20.3.1, and 1.21.1.

An update of the erlang package has been released.

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20907-1 advisory.

    This update for erlang fixes the following issues

    - CVE-2025-4748: improper limitation of a pathname may lead to path traversal (bsc#1244642).
    - CVE-2026-32147: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in SFTP     chroot       (bsc#1262503).
    - CVE-2026-42789: `public_key` application accepts non-CA certificates as intermediate issuers and this     enables chain       forgery (bsc#1266449).
    - CVE-2026-42790: Name Constraints and Subject CommonName fallback in TLS hostname verification allows for     certificate       forgery by MITM attacker (bsc#1266466).
    - CVE-2026-42791: OCSP response verification in the `public_key` application does not check the validity     period of the       OCSP responder certificate and allows for OCSP response response forgery (bsc#1266448).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Erlang/OTP installed on the remote host is 19.3 prior to 26.2.5.21, 27.0 prior to 27.3.4.12, 28.0 prior to 28.5.0.1, or 29.0 prior to 29.0.1. It is, therefore, affected by a vulnerability:

  - Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_cert and     public_key modules) allows a DNS nameConstraints bypass via subject CommonName fallback     in TLS hostname verification. (CVE-2026-42790)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_cert and public_key     modules) allows a DNS nameConstraints bypass via subject CommonName fallback in TLS hostname verification.
    Two flaws combine to allow a subordinate CA whose DNS nameConstraints are restricted (e.g.
    permitted;DNS:allowed.example.com) to issue a leaf certificate that an OTP TLS client accepts as a valid     identity for an out-of-scope hostname (e.g. victim.example.com): First, pubkey_cert:validate_names/6 in     lib/public_key/src/pubkey_cert.erl only checks SAN DNS entries against nameConstraints. Per RFC 5280, a     permitted DNS subtree only restricts certificates that contain a DNS-typed name. A leaf with no     subjectAltName therefore trivially satisfies any permitted;DNS:... constraint regardless of its subject     commonName. Second, public_key:pkix_verify_hostname/3 in lib/public_key/src/public_key.erl falls back to     the subject commonName when no subjectAltName is present, extracting id-at-commonName attributes as     presented IDs and matching them against the reference hostname. The strict     pkix_verify_hostname_match_fun(https) matcher does not suppress this fallback. The result is that path     validation accepts a CN-only leaf under a DNS-constrained intermediate (no SAN means the nameConstraints     are not triggered), and hostname verification then accepts it via the CN fallback. The bypass is reachable     from stock ssl:connect with verify_peer, a trusted CA, SNI, and the canonical strict https hostname     matcher. This issue affects OTP from OTP 19.3 before OTP 26.2.5.21, 27.3.4.12, 28.5.0.1, and 29.0.1     corresponding to public_key from 1.4 before 1.15.1.7, 1.17.1.3, 1.20.3.1, and 1.21.1. (CVE-2026-42790)

Note that Nessus relies on the presence of the package as reported by the vendor.

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 93576148-5a54-11f1-b886-4c526214c986 advisory.

    https://github.com/erlang/otp/security/advisories/GHSA-22cw-4ph4-6447 reports:
    Erlang/OTP's TLS hostname verification implements a legacy               RFC 6125 fallback that checks the Subject CommonName when the               Subject Alternative Name (SAN) extension is absent, rather               than following RFC 9525 which requires validation to fail               without SAN. Combined with weak handling of X.509 Name               Constraints, this enables man-in-the-middle attacks when an               attacker controls a DNS-constrained sub-CA and can intercept               network traffic, allowing forgery of certificates for               unauthorized domains.

Tenable has extracted the preceding description block directly from the FreeBSD security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
321790	Photon OS 5.0: Erlang PHSA-2026-5.0-0883	Nessus	PhotonOS Local Security Checks	high
320423	openSUSE 16 Security Update : erlang (openSUSE-SU-2026:20907-1)	Nessus	SuSE Local Security Checks	high
317741	Erlang/OTP 19.3 < 26.2.5.21 / 27.0 < 27.3.4.12 / 28.0 < 28.5.0.1 / 29.0 < 29.0.1 DNS nameConstraints Bypass (CVE-2026-42790)	Nessus	Misc.	high
317637	Linux Distros Unpatched Vulnerability : CVE-2026-42790	Nessus	Misc.	high
317390	FreeBSD : Erlang/OTP -- TLS hostname verification bypass via Subject CommonName fallback and name constraints (93576148-5a54-11f1-b886-4c526214c986)	Nessus	FreeBSD Local Security Checks	high

Detections

Analytics

CVE-2026-42790

high

Tenable Plugins

high

high

high

high

high