PatchSiren cyber security CVE debrief
CVE-2026-55950 Erlang CVE debrief
A high-severity Time-of-check Time-of-use (TOCTOU) race condition vulnerability was discovered in Erlang/OTP ssl, specifically in the dtls_packet_demux module. This vulnerability allows an unauthenticated remote attacker to crash all active DTLS sessions on a listener. The attack is pre-authentication and requires the attacker to send UDP datagrams containing valid ClientHello messages from the same source IP and port before the intermediate DOWN monitor message is processed by the gen_server. Organizations should prioritize patching this vulnerability to prevent potential denial-of-service attacks.
- Vendor
- Erlang
- Product
- OTP
- CVSS
- HIGH 8.7
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-02
- Original CVE updated
- 2026-07-07
- Advisory published
- 2026-07-02
- Advisory updated
- 2026-07-07
Who should care
Organizations using Erlang/OTP versions 25.3 before 29.0.3, 28.5.0.3, and 27.3.4.14, or ssl versions 10.9 before 11.7.3, 11.6.0.3, and 11.2.12.10 should prioritize patching this vulnerability to prevent potential denial-of-service attacks. This includes operators, platform administrators, vulnerability management teams, and security teams responsible for these systems.
Technical summary
The vulnerability is caused by a race condition in the demux's internal gb_trees key-value store. When a DTLS client reconnects rapidly from the same source address and port, sending multiple ClientHello messages in quick succession, it can cause a {key_exists, {old, Client}} crash, terminating the demux process. This crash immediately kills every active DTLS session on the listener, not just the attacker's. The affected product context includes Erlang/OTP versions 25.3 before 29.0.3, 28.5.0.3, and 27.3.4.14, or ssl versions 10.9 before 11.7.3, 11.6.0.3, and 11.2.12.10.
Defensive priority
High
Recommended defensive actions
- Apply patches or updates provided by the vendor to vulnerable versions of Erlang/OTP or ssl.
- Implement compensating controls, such as monitoring and exception tracking, to detect and respond to potential attacks.
- Consider disabling DTLS or restricting access to DTLS listeners to minimize the attack surface.
- Review relevant monitoring, detection, and logs for exposed assets that need extra review.
- Track exceptions, retest remediated assets, and close the item only after evidence is documented.
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.
- Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance.
Evidence notes
The CVE record was published on 2026-07-02T17:17:02.910Z and was last modified on 2026-07-07T14:45:59.213Z. The NVD entry is currently Analyzed. This information is based on the supplied source corpus and may not reflect the full scope of affected systems or potential impacts. Defenders should verify the official CVE record and vendor advisories for the most current information.
Official resources
-
CVE-2026-55950 CVE record
CVE.org
-
CVE-2026-55950 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
6b3ad84c-e1a6-4bf7-a703-f496b71e49db - Vendor Advisory
-
Mitigation or vendor reference
6b3ad84c-e1a6-4bf7-a703-f496b71e49db - Patch
-
Mitigation or vendor reference
6b3ad84c-e1a6-4bf7-a703-f496b71e49db - Vendor Advisory
-
Mitigation or vendor reference
6b3ad84c-e1a6-4bf7-a703-f496b71e49db - Third Party Advisory
-
Mitigation or vendor reference
6b3ad84c-e1a6-4bf7-a703-f496b71e49db - Release Notes
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-02T17:17:02.910Z and has not been modified since then. The NVD entry is currently Analyzed.