Erlang/OTP 20.0 < 27.3.4.14 / 28.0 < 28.5.0.3 / 29.0 < 29.0.3 DTLS Cookie Bypass (CVE-2026-54887)

medium Nessus Plugin ID 325891

Synopsis

The remote host is missing a security update.

Description

The version of Erlang/OTP installed on the remote host is 20.0 prior to 27.3.4.14, 28.0 prior to 28.5.0.3, or 29.0 prior to 29.0.3. It is, therefore, affected by a vulnerability:

- Use of Default Cryptographic Key vulnerability in Erlang/OTP ssl (DTLS server) allows predictable DTLS cookie computation during the startup window, enabling source address verification bypass. On DTLS server startup, dtls_server_connection:initial_hello/3 initializes previous_cookie_secret to the empty binary instead of a random value. (CVE-2026-54887)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Erlang/OTP version 27.3.4.14, 28.5.0.3, or 29.0.3 or later.

See Also

https://github.com/erlang/otp/security/advisories/GHSA-p2m2-3c2w-8jp8

Plugin Details

Severity: Medium

ID: 325891

File Name: erlang_otp_CVE-2026-54887.nasl

Version: 1.1

Type: Local

Agent: windows, macosx, unix

Family: Misc.

Published: 7/9/2026

Updated: 7/9/2026

Configuration: Enable thorough checks (optional)

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 2.1

Percentile: 7.82

CVSS v2

Risk Factor: Medium

Base Score: 4

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N

CVSS Score Source: CVE-2026-54887

CVSS v3

Risk Factor: Medium

Base Score: 4.8

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Vulnerability Information

CPE: cpe:/a:erlang:erlang%2fotp

Required KB Items: installed_sw/Erlang-OTP

Patch Publication Date: 7/2/2026

Vulnerability Publication Date: 7/2/2026

Reference Information

CVE: CVE-2026-54887