CVE-2026-42790
nameConstraints DNS bypass via subject CommonName fallback in public_key hostname verification
Description
Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_cert and public_key modules) allows a DNS nameConstraints bypass via subject CommonName fallback in TLS hostname verification. Two flaws combine to allow a subordinate CA whose DNS nameConstraints are restricted (e.g. permitted;DNS:allowed.example.com) to issue a leaf certificate that an OTP TLS client accepts as a valid identity for an out-of-scope hostname (e.g. victim.example.com): First, pubkey_cert:validate_names/6 in lib/public_key/src/pubkey_cert.erl only checks SAN DNS entries against nameConstraints. Per RFC 5280, a permitted DNS subtree only restricts certificates that contain a DNS-typed name. A leaf with no subjectAltName therefore trivially satisfies any permitted;DNS:... constraint regardless of its subject commonName. Second, public_key:pkix_verify_hostname/3 in lib/public_key/src/public_key.erl falls back to the subject commonName when no subjectAltName is present, extracting id-at-commonName attributes as presented IDs and matching them against the reference hostname. The strict pkix_verify_hostname_match_fun(https) matcher does not suppress this fallback. The result is that path validation accepts a CN-only leaf under a DNS-constrained intermediate (no SAN means the nameConstraints are not triggered), and hostname verification then accepts it via the CN fallback. The bypass is reachable from stock ssl:connect with verify_peer, a trusted CA, SNI, and the canonical strict https hostname matcher. This issue affects OTP from OTP 19.3 before OTP 26.2.5.21, 27.3.4.12, 28.5.0.1, and 29.0.1 corresponding to public_key from 1.4 before 1.15.1.7, 1.17.1.3, 1.20.3.1, and 1.21.1.
INFO
Published Date :
May 27, 2026, 5:16 p.m.
Last Modified :
June 2, 2026, 2:24 p.m.
Remotely Exploit :
Yes !
Source :
6b3ad84c-e1a6-4bf7-a703-f496b71e49db
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| CVSS 3.1 | HIGH | [email protected] | ||||
| CVSS 4.0 | HIGH | 6b3ad84c-e1a6-4bf7-a703-f496b71e49db | ||||
| CVSS 4.0 | HIGH | 6b3ad84c-e1a6-4bf7-a703-f496b71e49db |
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2026-42790.
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2026-42790 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2026-42790
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2026-42790 vulnerability anywhere in the article.
The following table lists the changes that have been made to the
CVE-2026-42790 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
Initial Analysis by [email protected]
Jun. 02, 2026
Action Type Old Value New Value Added CVSS V3.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N Added CPE Configuration OR *cpe:2.3:a:erlang:erlang/otp:*:*:*:*:*:*:*:* versions from (including) 19.3 up to (excluding) 26.2.5.21 *cpe:2.3:a:erlang:erlang/otp:*:*:*:*:*:*:*:* versions from (including) 27.0 up to (excluding) 27.3.4.12 *cpe:2.3:a:erlang:erlang/otp:*:*:*:*:*:*:*:* versions from (including) 28.0 up to (excluding) 28.5.0.1 *cpe:2.3:a:erlang:erlang/otp:*:*:*:*:*:*:*:* versions from (including) 29.0 up to (excluding) 29.0.1 Added Reference Type EEF: https://cna.erlef.org/cves/CVE-2026-42790.html Types: Third Party Advisory Added Reference Type EEF: https://github.com/erlang/otp/commit/0769050c69d73762672b0db1347b6993a5b31759 Types: Patch Added Reference Type EEF: https://github.com/erlang/otp/commit/21abed64eb2026b5f82f432709e4e932f9be389a Types: Patch Added Reference Type EEF: https://github.com/erlang/otp/commit/fb67c6d1836f51105a96d8b769e71e4215a79457 Types: Patch Added Reference Type EEF: https://github.com/erlang/otp/security/advisories/GHSA-22cw-4ph4-6447 Types: Vendor Advisory Added Reference Type EEF: https://osv.dev/vulnerability/EEF-CVE-2026-42790 Types: Mitigation, Third Party Advisory Added Reference Type EEF: https://www.erlang.org/doc/system/versions.html#order-of-versions Types: Product -
New CVE Received by 6b3ad84c-e1a6-4bf7-a703-f496b71e49db
May. 27, 2026
Action Type Old Value New Value Added Description Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_cert and public_key modules) allows a DNS nameConstraints bypass via subject CommonName fallback in TLS hostname verification. Two flaws combine to allow a subordinate CA whose DNS nameConstraints are restricted (e.g. permitted;DNS:allowed.example.com) to issue a leaf certificate that an OTP TLS client accepts as a valid identity for an out-of-scope hostname (e.g. victim.example.com): First, pubkey_cert:validate_names/6 in lib/public_key/src/pubkey_cert.erl only checks SAN DNS entries against nameConstraints. Per RFC 5280, a permitted DNS subtree only restricts certificates that contain a DNS-typed name. A leaf with no subjectAltName therefore trivially satisfies any permitted;DNS:... constraint regardless of its subject commonName. Second, public_key:pkix_verify_hostname/3 in lib/public_key/src/public_key.erl falls back to the subject commonName when no subjectAltName is present, extracting id-at-commonName attributes as presented IDs and matching them against the reference hostname. The strict pkix_verify_hostname_match_fun(https) matcher does not suppress this fallback. The result is that path validation accepts a CN-only leaf under a DNS-constrained intermediate (no SAN means the nameConstraints are not triggered), and hostname verification then accepts it via the CN fallback. The bypass is reachable from stock ssl:connect with verify_peer, a trusted CA, SNI, and the canonical strict https hostname matcher. This issue affects OTP from OTP 19.3 before OTP 26.2.5.21, 27.3.4.12, 28.5.0.1, and 29.0.1 corresponding to public_key from 1.4 before 1.15.1.7, 1.17.1.3, 1.20.3.1, and 1.21.1. Added CVSS V4.0 AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Added CWE CWE-295 Added CWE CWE-297 Added Reference https://cna.erlef.org/cves/CVE-2026-42790.html Added Reference https://github.com/erlang/otp/commit/0769050c69d73762672b0db1347b6993a5b31759 Added Reference https://github.com/erlang/otp/commit/21abed64eb2026b5f82f432709e4e932f9be389a Added Reference https://github.com/erlang/otp/commit/fb67c6d1836f51105a96d8b769e71e4215a79457 Added Reference https://github.com/erlang/otp/security/advisories/GHSA-22cw-4ph4-6447 Added Reference https://osv.dev/vulnerability/EEF-CVE-2026-42790 Added Reference https://www.erlang.org/doc/system/versions.html#order-of-versions