Erlang security advisory (AV26-522)

Serial number: AV26-522
Date: May 28, 2026

On May 27, 2026, Erlang published security advisories to address vulnerabilities in the following products:

• OTP – versions prior to 29.0.1, 28.5.0.1, 27.3.4.12 and 26.2.5.21
• Public_key (OTP) – versions prior to 1.21.1, 1.20.3.1, 1.17.1.3 and 1.15.1.7

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• Name Constraints and Subject CommonName Fallback in TLS hostname Verification
• public_key Accepts non-CA Certificate as Intermediate Issuer, Enabling Chain Forgery
• OCSP Responder Certificate Accepted After Expiry in public_key
• Erlang Security