2441326 – (CVE-2026-21620) CVE-2026-21620 erlang: Erlang OTP tftp_file modules: Information disclosure via relative path traversal

Bug 2441326 (CVE-2026-21620) - CVE-2026-21620 erlang: Erlang OTP tftp_file modules: Information disclosure via relative path traversal

Summary: CVE-2026-21620 erlang: Erlang OTP tftp_file modules: Information disclosure v...

Keywords:
Status:	NEW
Alias:	CVE-2026-21620
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2441330 2441331 2441332
Blocks:
TreeView+	depends on / blocked

Reported:	2026-02-20 12:01 UTC by OSIDB Bzimport
Modified:	2026-02-20 13:29 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-02-20 12:01:37 UTC

Relative Path Traversal, Improper Isolation or Compartmentalization vulnerability in erlang otp erlang/otp (tftp_file modules), erlang otp inets (tftp_file modules), erlang otp tftp (tftp_file modules) allows Relative Path Traversal. This vulnerability is associated with program files lib/tftp/src/tftp_file.erl, src/tftp_file.Erl.

This issue affects otp: from 17.0, from 07b8f441ca711f9812fad9e9115bab3c3aa92f79; otp: from 5.10 before 7.0; otp: from 1.0.

Note You need to log in before you can comment on or make changes to this bug.