Erlang/OTP 27.x < 27.3.4.10 / 28.x < 28.4.2 OCSP Certificate Validation Bypass (CVE-2026-32144)

Severity: High | Nessus Plugin ID 305687

Synopsis

The remote host is affected by a certificate validation bypass vulnerability.

Description

The version of Erlang/OTP installed on the remote host is 27.x prior to 27.3.4.10 or 28.x prior to 28.4.2. It is, therefore, affected by a certificate validation bypass vulnerability:

- Improper certificate validation in the public_key application's OCSP response validation allows an attacker who can intercept or control OCSP responses to forge responses that mark revoked certificates as valid. The OCSP response validation does not verify that a CA-designated responder certificate was cryptographically signed by the issuing CA; it checks only the responder certificate's issuer name and its OCSPSigning extended key usage. (CVE-2026-32144)
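As an added illustration (not OTP's own code), the check the advisory describes as missing: a delegated OCSP responder certificate is accepted only if, beyond the issuer-name and OCSPSigning checks, it verifiably chains to the issuing CA. It assumes a hypothetical module `ocsp_responder_check` taking DER-encoded certificates, where the responder certificate is the one embedded in the OCSP response.

```erlang
-module(ocsp_responder_check).
-export([delegated_responder_ok/2]).
-include_lib("public_key/include/public_key.hrl").

%% id-kp-OCSPSigning, written out as an OID tuple.
-define(OCSP_SIGNING, {1,3,6,1,5,5,7,3,9}).

%% The two checks the advisory says were the only ones performed:
%% the responder's issuer name matches the CA's subject, and the
%% responder carries the OCSPSigning extended key usage. Neither
%% proves that the CA actually signed the responder certificate.
name_and_eku_ok(ResponderDer, IssuerDer) ->
    Responder = public_key:pkix_decode_cert(ResponderDer, otp),
    Issuer = public_key:pkix_decode_cert(IssuerDer, otp),
    public_key:pkix_is_issuer(Responder, Issuer) andalso has_ocsp_signing(Responder).

%% Hardened check: additionally require a valid path from the issuing
%% CA (treated as the trust anchor) to the responder certificate, which
%% verifies the responder certificate's signature with the CA's key.
delegated_responder_ok(ResponderDer, IssuerDer) ->
    case name_and_eku_ok(ResponderDer, IssuerDer) of
        false ->
            false;
        true ->
            case public_key:pkix_path_validation(IssuerDer, [ResponderDer], []) of
                {ok, _} -> true;
                {error, _Reason} -> false
            end
    end.

%% True if the extKeyUsage extension is present and lists OCSPSigning.
has_ocsp_signing(#'OTPCertificate'{tbsCertificate =
                      #'OTPTBSCertificate'{extensions = Exts}}) when is_list(Exts) ->
    case lists:keyfind(?'id-ce-extKeyUsage', #'Extension'.extnID, Exts) of
        #'Extension'{extnValue = Usages} -> lists:member(?OCSP_SIGNING, Usages);
        false -> false
    end;
has_ocsp_signing(_) ->
    false.
```

A responder certificate whose issuer name and EKU are copied from a legitimate one but whose signature was not produced by the CA passes `name_and_eku_ok/2` and fails `delegated_responder_ok/2`.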

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Erlang/OTP version 27.3.4.10, 28.4.2, or later.

See Also

https://github.com/erlang/otp/security/advisories/GHSA-gxrm-pf64-99xm

Plugin Details

Severity: High

ID: 305687

File Name: erlang_otp_CVE-2026-32144.nasl

Version: 1.1

Type: Local

Agent: windows, macosx, unix

Family: Misc.

Published: 4/9/2026

Updated: 4/9/2026

Configuration: Enable thorough checks (optional)

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.0

CVSS v2

Risk Factor: Medium

Base Score: 5.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS Score Source: CVE-2026-32144

CVSS v3

Risk Factor: High

Base Score: 7.4

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CVSS v4

Risk Factor: High

Base Score: 7.6

Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N

Vulnerability Information

CPE: cpe:/a:erlang:erlang%2fotp

Required KB Items: installed_sw/Erlang-OTP

Patch Publication Date: 4/7/2026

Vulnerability Publication Date: 4/7/2026

Reference Information

CVE: CVE-2026-32144