PatchSiren cyber security CVE debrief
CVE-2026-42789 Erlang CVE debrief
A certificate chain validation flaw in Erlang/OTP's public_key module allows non-CA certificates to be incorrectly accepted as intermediate issuers, enabling certificate forgery attacks against TLS and mTLS endpoints.
- Vendor: Erlang
- Product: OTP
- CVSS: 7 (HIGH)
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-27
- Original CVE updated: 2026-05-27
- Advisory published: 2026-05-27
- Advisory updated: 2026-05-27
Who should care
Organizations operating Erlang/OTP-based infrastructure including RabbitMQ, CouchDB, ejabberd/XMPP servers, Elixir/Phoenix applications, and custom mTLS services. Cloud providers and platform teams managing certificate-based authentication for microservices built on BEAM VM technologies.
Technical summary
The vulnerability resides in lib/public_key/src/pubkey_cert.erl within the pubkey_cert:validate_extensions/7 function. Two implementation flaws interact: (1) when basicConstraints cA:false is encountered, the function recurses into remaining extensions without rejecting the certificate when it occupies an issuer position in the chain; (2) the keyUsage check for keyCertSign only executes when the extension is present, so certificates lacking keyUsage entirely bypass this enforcement. An attacker possessing any end-entity certificate with basicConstraints cA:false and no keyUsage extension—issued by a CA in the victim's trust store—can use its private key to sign forged leaf certificates for arbitrary identities. The public_key:pkix_path_validation/3 function accepts these forged chains, affecting all TLS and mTLS endpoints using the OTP ssl application's default verifier for both server identity verification (client side) and client certificate verification (mTLS server side).
Defensive priority
HIGH
Recommended defensive actions
- Upgrade Erlang/OTP to patched versions: 26.2.5.21 or later, 27.3.4.12 or later, 28.5.0.1 or later, or 29.0.1 or later
- Verify public_key application version is 1.15.1.7+, 1.17.1.3+, 1.20.3.1+, or 1.21.1+
- Audit TLS/mTLS endpoints built on the OTP ssl application for reliance on its default certificate verification
- Review certificate chains accepted by affected systems for unexpected intermediate issuers
- Monitor for anomalous certificate validation behavior in Erlang-based services
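An added example (not OTP's own code, and not from this advisory) of an ssl verify_fun that re-applies the RFC 5280 issuer checks the flawed validate_extensions/7 lets slip, so a certificate with basicConstraints cA:false, with or without keyUsage, is refused in an issuer position; it assumes the standard public_key record definitions from public_key.hrl.

```erlang
%% strict_issuer_verify.erl: added example, not OTP's own code. Re-applies the
%% RFC 5280 issuer checks (basicConstraints cA:true; keyCertSign whenever
%% keyUsage is present) to every CA certificate in the validated path.
-module(strict_issuer_verify).
-include_lib("public_key/include/public_key.hrl").
-export([verify_fun/3]).

%% Built-in verdicts pass through; the extra checks run only on the `valid'
%% event, which ssl raises for issuer-position certificates (leaf: `valid_peer').
verify_fun(_Cert, {bad_cert, _} = Reason, _State) ->
    {fail, Reason};
verify_fun(_Cert, {extension, _}, State) ->
    {unknown, State};
verify_fun(_Cert, valid_peer, State) ->
    {valid, State};
verify_fun(#'OTPCertificate'{tbsCertificate = TBS}, valid, State) ->
    Exts = case TBS#'OTPTBSCertificate'.extensions of
               asn1_NOVALUE -> [];
               List -> List
           end,
    case issuer_checks(Exts) of
        ok ->
            {valid, State};
        {error, Why} ->
            %% A hit here means a non-CA certificate reached an issuer position:
            %% alert on it while unpatched nodes remain in the fleet.
            logger:warning("rejected issuer certificate: ~p", [Why]),
            {fail, {bad_cert, Why}}
    end.

%% cA:false and an absent basicConstraints are both rejected (RFC 5280 6.1.4 k).
issuer_checks(Exts) ->
    case lists:keyfind(?'id-ce-basicConstraints', #'Extension'.extnID, Exts) of
        #'Extension'{extnValue = #'BasicConstraints'{cA = true}} ->
            key_usage_check(Exts);
        _ ->
            {error, issuer_not_ca}
    end.

%% keyUsage is optional, but when present a CA must assert keyCertSign
%% (RFC 5280 6.1.4 n), so a cA:false cert cannot hide behind a missing keyUsage.
key_usage_check(Exts) ->
    case lists:keyfind(?'id-ce-keyUsage', #'Extension'.extnID, Exts) of
        false -> ok;
        #'Extension'{extnValue = Usages} ->
            case lists:member(keyCertSign, Usages) of
                true -> ok;
                false -> {error, issuer_lacks_keycertsign}
            end
    end.
```

Wire it into the ssl options as `{verify_fun, {fun strict_issuer_verify:verify_fun/3, []}}` next to `{verify, verify_peer}`; it is defence in depth for the interval before every node runs a patched OTP, not a replacement for the upgrade.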
Evidence notes
CVE published 2026-05-27. Affects OTP 17.0 through versions prior to 26.2.5.21, 27.3.4.12, 28.5.0.1, and 29.0.1; corresponding public_key versions 0.22 through 1.15.1.7, 1.17.1.3, 1.20.3.1, and 1.21.1. Root cause identified in pubkey_cert:validate_extensions/7 where basicConstraints cA:false fails to reject issuer-position certificates and absent keyUsage extensions bypass keyCertSign enforcement.
Official resources
- CVE-2026-42789 CVE record (CVE.org)
- CVE-2026-42789 NVD detail (NVD)
- Source reference: 6b3ad84c-e1a6-4bf7-a703-f496b71e49db
2026-05-27