SecAlerts
CVE ListPricingSign Up
erlang logo

erlang

Security Risk Profile

45
/100
medium

Security Risk Score

Comprehensive risk assessment based on 61 vulnerabilities, EPSS scores, exploitation status, and remediation availability.

📅 Data spans from January 15, 2009 to present

61
Total CVEs
17
Critical+High
4
Exploited
6
Unpatched

Threat Assessment

Avg CVSS
6.9
Base severity
Avg EPSS
1%
Exploit probability
Unpatched
6
Critical/High
Risk Level
45/100
medium
⚠️ 4 Active Exploits

Severity Distribution

Critical
4
High
13
Medium
14
Low
1

Exploit Likelihood

>50% chance
0
20-50%
0
5-20%
0
<5%
3

Age Distribution

Common Weaknesses (CWE)

1
Path Traversal
4
2
Command Injection
3
3
Buffer Overflow
2
4
XEE
1
5
SSRF
1

Most Affected Products

1. Erlang Erlang\/otp119
2. SSH ssh38
3. Erlang Crypto25
4. Erlang Erlang24
5. Erlang OTP12

Recent Vulnerabilities

See more →
CVE-2026-32147
CVSS 5.3medium

SFTP chroot bypass via path traversal in SSH_FXP_FSETSTAT

4/21/2026
CVE-2026-28808
CVSS 8.3high

ScriptAlias CGI targets bypass directory auth in inets httpd (mod_auth vs mod_cgi path mismatch)

4/7/2026
CVE-2026-32144
CVSS 7.6high

OCSP designated-responder authorization bypass via missing signature verification

4/7/2026
CVE-2026-28810
CVSS 6.3medium

Predictable DNS Transaction IDs Enable Cache Poisoning in Built-in Resolver

4/7/2026
CVE-2026-28809
CVSS 6.3medium

XXE in esaml SAML library allows local file read and potential SSRF

3/23/2026🔧 No Patch
CVE-2026-23941
CVSS 7.0high

Request smuggling via first-wins Content-Length parsing in inets httpd

3/13/2026
CVE-2026-23943
CVSS 6.9medium

Pre-auth SSH DoS via unbounded zlib inflate

3/13/2026
CVE-2026-23942
CVSS 5.3medium

SFTP root escape via component-agnostic prefix check in ssh_sftpd

3/13/2026
CVE-2026-21619
CVSS 2.0low

Unsafe Deserialization of Erlang Terms in hex_core

2/27/2026
CVE-2025-48041
CVSS 7.5high

SSH_FXP_OPENDIR may Lead to Exhaustion of File Handles

9/11/2025

Monitor erlang in Real-Time

Get instant alerts when new vulnerabilities are discovered. Stay ahead of security threats with SecAlerts.

Start Free TrialBook a Demo
Powered bySecAlerts

Monitor Your Software Stack in Real-Time

Get instant alerts when vulnerabilities are discovered in your software stack. Stay ahead of security threats with SecAlerts.

Start Free TrialBook a Demo
AboutNewsDocumentationTermsContact

© 2026 SecAlerts Pty Ltd. All rights reserved.