Bug 2496625 (CVE-2026-54891)
| Summary: | CVE-2026-54891 erlang: Erlang SSL: Unauthenticated data injection during TLS handshake | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
| Status: | NEW --- | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | unspecified | CC: | eglynn, jjoyce, jpretori, jschluet, lhh, mburns, mgarciac |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: |
A flaw was found in Erlang's SSL (Secure Sockets Layer) component. A network-positioned attacker can exploit this vulnerability by injecting unauthenticated plaintext data into a client's TLS (Transport Layer Security) handshake. The client application may then process this injected data as if it were legitimate, authenticated server data. This could lead to the blind injection of unauthenticated bytes, potentially impacting the integrity of the communication.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2496748, 2496749, 2496750 | ||
| Bug Blocks: | |||
|
Description
OSIDB Bzimport
2026-07-02 17:02:15 UTC
|