{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-21620", "assignerOrgId": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db", "state": "PUBLISHED", "assignerShortName": "EEF", "dateReserved": "2026-01-01T03:46:45.934Z", "datePublished": "2026-02-20T10:57:08.620Z", "dateUpdated": "2026-04-07T14:38:08.771Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://github.com", "cpes": ["cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "modules": ["tftp_file"], "packageName": "erlang/otp", "packageURL": "pkg:github/erlang/otp", "product": "OTP", "programFiles": ["lib/tftp/src/tftp_file.erl"], "repo": "https://github.com/erlang/otp", "vendor": "Erlang", "versions": [{"changes": [{"at": "26.2.5.17", "status": "unaffected"}, {"at": "27.3.4.8", "status": "unaffected"}, {"at": "28.3.2", "status": "unaffected"}], "lessThan": "*", "status": "affected", "version": "17.0", "versionType": "otp"}, {"changes": [{"at": "655fb95725ba2fb811740b57e106873833824344", "status": "unaffected"}, {"at": "3970738f687325138eb75f798054fa8960ac354e", "status": "unaffected"}, {"at": "696fdec922661d4a3cc528fc34bc24fae8d4ad8a", "status": "unaffected"}], "lessThan": "*", "status": "affected", "version": "07b8f441ca711f9812fad9e9115bab3c3aa92f79", "versionType": "git"}]}, {"defaultStatus": "unaffected", "modules": ["tftp_file"], "packageName": "inets", "packageURL": "pkg:otp/inets?repository_url=https:%2F%2Fgithub.com%2Ferlang%2Fotp&vcs_url=git%20https:%2F%2Fgithub.com%2Ferlang%2Fotp.git", "product": "OTP", "programFiles": ["src/tftp_file.erl"], "repo": "https://github.com/erlang/otp", "vendor": "Erlang", "versions": [{"lessThan": "7.0", "status": "affected", "version": "5.10", "versionType": "otp"}]}, {"defaultStatus": "unaffected", "modules": ["tftp_file"], "packageName": "tftp", "packageURL": "pkg:otp/tftp?repository_url=https:%2F%2Fgithub.com%2Ferlang%2Fotp&vcs_url=git%20https:%2F%2Fgithub.com%2Ferlang%2Fotp.git", "product": "OTP", "programFiles": ["src/tftp_file.erl"], "repo": "https://github.com/erlang/otp", "vendor": "Erlang", "versions": [{"changes": [{"at": "1.1.1.1", "status": "unaffected"}, {"at": "1.2.2.1", "status": "unaffected"}, {"at": "1.2.4", "status": "unaffected"}], "lessThan": "*", "status": "affected", "version": "1.0", "versionType": "otp"}]}], "configurations": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A TFTP server must be started and the TFTP port must be reachable by the attacker, using the <tt>tftp</tt> application (or the legacy <tt>inets</tt> TFTP service) with the <tt>tftp_file</tt> callback module configured with the <tt>{root_dir, Dir}</tt> option."}], "value": "A TFTP server must be started and the TFTP port must be reachable by the attacker, using the tftp application (or the legacy inets TFTP service) with the tftp_file callback module configured with the {root_dir, Dir} option."}], "cpeApplicability": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.2.5.17", "vulnerable": true}, {"criteria": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*", "versionEndExcluding": "27.3.4.8", "versionStartIncluding": "27.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*", "versionEndExcluding": "28.3.2", "versionStartIncluding": "28.0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "credits": [{"lang": "en", "type": "reporter", "value": "Luigino Camastra"}, {"lang": "en", "type": "remediation reviewer", "value": "Jakub Witczak"}, {"lang": "en", "type": "remediation developer", "value": "Raimo Niskanen"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Relative Path Traversal, Improper Isolation or Compartmentalization vulnerability in erlang otp erlang/otp (tftp_file modules), erlang otp inets (tftp_file modules), erlang otp tftp (tftp_file modules) allows Relative Path Traversal.<p> This vulnerability is associated with program files <tt>lib/tftp/src/tftp_file.erl</tt>, <tt>src/tftp_file.erl</tt>.</p><p>This issue affects otp: from 17.0, from 07b8f441ca711f9812fad9e9115bab3c3aa92f79; otp: from 5.10 before 7.0; otp: from 1.0.</p>"}], "value": "Relative Path Traversal, Improper Isolation or Compartmentalization vulnerability in erlang otp erlang/otp (tftp_file modules), erlang otp inets (tftp_file modules), erlang otp tftp (tftp_file modules) allows Relative Path Traversal. This vulnerability is associated with program files lib/tftp/src/tftp_file.erl, src/tftp_file.erl.\n\nThis issue affects otp: from 17.0, from 07b8f441ca711f9812fad9e9115bab3c3aa92f79; otp: from 5.10 before 7.0; otp: from 1.0."}], "impacts": [{"capecId": "CAPEC-139", "descriptions": [{"lang": "en", "value": "CAPEC-139 Relative Path Traversal"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "baseScore": 2.3, "baseSeverity": "LOW", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-23", "description": "CWE-23 Relative Path Traversal", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db", "shortName": "EEF", "dateUpdated": "2026-04-07T14:38:08.771Z"}, "references": [{"tags": ["vendor-advisory", "related"], "url": "https://github.com/erlang/otp/security/advisories/GHSA-hmrc-prh3-rpvp"}, {"tags": ["related"], "url": "https://cna.erlef.org/cves/CVE-2026-21620.html"}, {"tags": ["related"], "url": "https://osv.dev/vulnerability/EEF-CVE-2026-21620"}, {"tags": ["x_version-scheme"], "url": "https://www.erlang.org/doc/system/versions.html#order-of-versions"}, {"tags": ["patch"], "url": "https://github.com/erlang/otp/pull/10706"}, {"tags": ["patch"], "url": "https://github.com/erlang/otp/commit/696fdec922661d4a3cc528fc34bc24fae8d4ad8a"}, {"tags": ["patch"], "url": "https://github.com/erlang/otp/commit/3970738f687325138eb75f798054fa8960ac354e"}, {"tags": ["patch"], "url": "https://github.com/erlang/otp/commit/655fb95725ba2fb811740b57e106873833824344"}], "source": {"discovery": "EXTERNAL"}, "title": "TFTP Path Traversal", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-20T13:36:03.423294Z", "id": "CVE-2026-21620", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-20T13:36:39.878Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-21620", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-20T13:36:03.423294Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-20T13:36:19.383Z"}}], "cna": {"title": "TFTP Path Traversal", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "reporter", "value": "Luigino Camastra"}, {"lang": "en", "type": "remediation reviewer", "value": "Jakub Witczak"}, {"lang": "en", "type": "remediation developer", "value": "Raimo Niskanen"}], "impacts": [{"capecId": "CAPEC-139", "descriptions": [{"lang": "en", "value": "CAPEC-139 Relative Path Traversal"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 2.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "LOW", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*"], "repo": "https://github.com/erlang/otp", "vendor": "Erlang", "modules": ["tftp_file"], "product": "OTP", "versions": [{"status": "affected", "changes": [{"at": "26.2.5.17", "status": "unaffected"}, {"at": "27.3.4.8", "status": "unaffected"}, {"at": "28.3.2", "status": "unaffected"}], "version": "17.0", "lessThan": "*", "versionType": "otp"}, {"status": "affected", "changes": [{"at": "655fb95725ba2fb811740b57e106873833824344", "status": "unaffected"}, {"at": "3970738f687325138eb75f798054fa8960ac354e", "status": "unaffected"}, {"at": "696fdec922661d4a3cc528fc34bc24fae8d4ad8a", "status": "unaffected"}], "version": "07b8f441ca711f9812fad9e9115bab3c3aa92f79", "lessThan": "*", "versionType": "git"}], "packageURL": "pkg:github/erlang/otp", "packageName": "erlang/otp", "programFiles": ["lib/tftp/src/tftp_file.erl"], "collectionURL": "https://github.com", "defaultStatus": "unaffected"}, {"repo": "https://github.com/erlang/otp", "vendor": "Erlang", "modules": ["tftp_file"], "product": "OTP", "versions": [{"status": "affected", "version": "5.10", "lessThan": "7.0", "versionType": "otp"}], "packageURL": "pkg:otp/inets?repository_url=https:%2F%2Fgithub.com%2Ferlang%2Fotp&vcs_url=git%20https:%2F%2Fgithub.com%2Ferlang%2Fotp.git", "packageName": "inets", "programFiles": ["src/tftp_file.erl"], "defaultStatus": "unaffected"}, {"repo": "https://github.com/erlang/otp", "vendor": "Erlang", "modules": ["tftp_file"], "product": "OTP", "versions": [{"status": "affected", "changes": [{"at": "1.1.1.1", "status": "unaffected"}, {"at": "1.2.2.1", "status": "unaffected"}, {"at": "1.2.4", "status": "unaffected"}], "version": "1.0", "lessThan": "*", "versionType": "otp"}], "packageURL": "pkg:otp/tftp?repository_url=https:%2F%2Fgithub.com%2Ferlang%2Fotp&vcs_url=git%20https:%2F%2Fgithub.com%2Ferlang%2Fotp.git", "packageName": "tftp", "programFiles": ["src/tftp_file.erl"], "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/erlang/otp/security/advisories/GHSA-hmrc-prh3-rpvp", "tags": ["vendor-advisory", "related"]}, {"url": "https://cna.erlef.org/cves/CVE-2026-21620.html", "tags": ["related"]}, {"url": "https://osv.dev/vulnerability/EEF-CVE-2026-21620", "tags": ["related"]}, {"url": "https://www.erlang.org/doc/system/versions.html#order-of-versions", "tags": ["x_version-scheme"]}, {"url": "https://github.com/erlang/otp/pull/10706", "tags": ["patch"]}, {"url": "https://github.com/erlang/otp/commit/696fdec922661d4a3cc528fc34bc24fae8d4ad8a", "tags": ["patch"]}, {"url": "https://github.com/erlang/otp/commit/3970738f687325138eb75f798054fa8960ac354e", "tags": ["patch"]}, {"url": "https://github.com/erlang/otp/commit/655fb95725ba2fb811740b57e106873833824344", "tags": ["patch"]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Relative Path Traversal, Improper Isolation or Compartmentalization vulnerability in erlang otp erlang/otp (tftp_file modules), erlang otp inets (tftp_file modules), erlang otp tftp (tftp_file modules) allows Relative Path Traversal. This vulnerability is associated with program files lib/tftp/src/tftp_file.erl, src/tftp_file.erl.\n\nThis issue affects otp: from 17.0, from 07b8f441ca711f9812fad9e9115bab3c3aa92f79; otp: from 5.10 before 7.0; otp: from 1.0.", "supportingMedia": [{"type": "text/html", "value": "Relative Path Traversal, Improper Isolation or Compartmentalization vulnerability in erlang otp erlang/otp (tftp_file modules), erlang otp inets (tftp_file modules), erlang otp tftp (tftp_file modules) allows Relative Path Traversal.<p> This vulnerability is associated with program files <tt>lib/tftp/src/tftp_file.erl</tt>, <tt>src/tftp_file.erl</tt>.</p><p>This issue affects otp: from 17.0, from 07b8f441ca711f9812fad9e9115bab3c3aa92f79; otp: from 5.10 before 7.0; otp: from 1.0.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-23", "description": "CWE-23 Relative Path Traversal"}]}], "configurations": [{"lang": "en", "value": "A TFTP server must be started and the TFTP port must be reachable by the attacker, using the tftp application (or the legacy inets TFTP service) with the tftp_file callback module configured with the {root_dir, Dir} option.", "supportingMedia": [{"type": "text/html", "value": "A TFTP server must be started and the TFTP port must be reachable by the attacker, using the <tt>tftp</tt> application (or the legacy <tt>inets</tt> TFTP service) with the <tt>tftp_file</tt> callback module configured with the <tt>{root_dir, Dir}</tt> option.", "base64": false}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "26.2.5.17"}, {"criteria": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "27.3.4.8", "versionStartIncluding": "27.0"}, {"criteria": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "28.3.2", "versionStartIncluding": "28.0"}], "operator": "OR"}], "operator": "AND"}], "providerMetadata": {"orgId": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db", "shortName": "EEF", "dateUpdated": "2026-04-07T14:38:08.771Z"}}}, "cveMetadata": {"cveId": "CVE-2026-21620", "state": "PUBLISHED", "dateUpdated": "2026-04-07T14:38:08.771Z", "dateReserved": "2026-01-01T03:46:45.934Z", "assignerOrgId": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db", "datePublished": "2026-02-20T10:57:08.620Z", "assignerShortName": "EEF"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Relative Path Traversal, Improper Isolation or Compartmentalization vulnerability in erlang otp erlang/otp (tftp_file modules), erlang otp inets (tftp_file modules), erlang otp tftp (tftp_file modules) allows Relative Path Traversal. This vulnerability is associated with program files lib/tftp/src/tftp_file.erl, src/tftp_file.erl.\n\nThis issue affects otp: from 17.0, from 07b8f441ca711f9812fad9e9115bab3c3aa92f79; otp: from 5.10 before 7.0; otp: from 1.0."}, {"lang": "es", "value": "Salto de ruta relativo, vulnerabilidad de aislamiento o compartimentaci\u00f3n inadecuados en erlang otp erlang/otp (m\u00f3dulos tftp_file), erlang otp inets (m\u00f3dulos tftp_file), erlang otp tftp (m\u00f3dulos tftp_file) permite Salto de ruta relativo. Esta vulnerabilidad est\u00e1 asociada con los archivos de programa lib/tftp/src/tftp_file.erl, src/tftp_file.erl.\n\nEste problema afecta a otp: desde 17.0, desde 07b8f441ca711f9812fad9e9115bab3c3aa92f79; otp: desde 5.10 antes de 7.0; otp: desde 1.0."}], "id": "CVE-2026-21620", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 2.3, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db", "type": "Secondary"}]}, "published": "2026-02-20T11:15:56.783", "references": [{"source": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db", "url": "https://cna.erlef.org/cves/CVE-2026-21620.html"}, {"source": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db", "url": "https://github.com/erlang/otp/commit/3970738f687325138eb75f798054fa8960ac354e"}, {"source": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db", "url": "https://github.com/erlang/otp/commit/655fb95725ba2fb811740b57e106873833824344"}, {"source": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db", "url": "https://github.com/erlang/otp/commit/696fdec922661d4a3cc528fc34bc24fae8d4ad8a"}, {"source": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db", "url": "https://github.com/erlang/otp/pull/10706"}, {"source": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db", "url": "https://github.com/erlang/otp/security/advisories/GHSA-hmrc-prh3-rpvp"}, {"source": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db", "url": "https://osv.dev/vulnerability/EEF-CVE-2026-21620"}, {"source": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db", "url": "https://www.erlang.org/doc/system/versions.html#order-of-versions"}], "sourceIdentifier": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-23"}], "source": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db", "type": "Secondary"}]}

{"bugzilla": {"description": "erlang: Erlang OTP tftp_file modules: Information disclosure via relative path traversal", "id": "2441326", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441326"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.2", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "status": "draft"}, "cwe": "CWE-22", "details": ["No description is available for this CVE."], "mitigation": {"lang": "en:us", "value": "Restrict network access to the TFTP service to trusted hosts using firewall rules. Ensure the TFTP server is configured to operate within a chroot environment to limit file system access. If the TFTP service is not required, disable it.\nExample for disabling the TFTP service (if managed by systemd):\n`sudo systemctl stop tftp.service`\n`sudo systemctl disable tftp.service`\nRestart the TFTP service after applying any configuration changes for them to take effect."}, "name": "CVE-2026-21620", "package_state": [{"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Fix deferred", "package_name": "erlang", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:17.1", "fix_state": "Fix deferred", "package_name": "erlang", "product_name": "Red Hat OpenStack Platform 17.1"}, {"cpe": "cpe:/a:redhat:openstack:18.0", "fix_state": "Fix deferred", "package_name": "erlang", "product_name": "Red Hat OpenStack Platform 18.0"}], "public_date": "2026-02-20T10:57:08Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-21620\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-21620\nhttps://github.com/erlang/otp/commit/3970738f687325138eb75f798054fa8960ac354e\nhttps://github.com/erlang/otp/commit/655fb95725ba2fb811740b57e106873833824344\nhttps://github.com/erlang/otp/commit/696fdec922661d4a3cc528fc34bc24fae8d4ad8a\nhttps://github.com/erlang/otp/pull/10706\nhttps://github.com/erlang/otp/security/advisories/GHSA-hmrc-prh3-rpvp\nhttps://www.erlang.org/doc/system/versions.html#order-of-versions"], "statement": "This vulnerability has a LOW impact. A relative path traversal flaw in the Erlang/OTP TFTP modules could allow an attacker to access or write files outside the intended TFTP directory. This issue affects systems where the Erlang TFTP service is exposed and actively used.", "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[17.0,*]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "26.2.5.17"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "27.3.4.8"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "28.3.2"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "07b8f441ca711f9812fad9e9115bab3c3aa92f79"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "code_commit", "value": "655fb95725ba2fb811740b57e106873833824344"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "code_commit", "value": "3970738f687325138eb75f798054fa8960ac354e"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "code_commit", "value": "696fdec922661d4a3cc528fc34bc24fae8d4ad8a"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[pkg:otp/inets@5.10,pkg:otp/inets@7.0)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[5.10,7.0)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[pkg:otp/tftp@1.0,pkg:otp/tftp@*]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "pkg:otp/tftp@1.1.1.1"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "pkg:otp/tftp@1.2.2.1"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "pkg:otp/tftp@1.2.4"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[1.0,*]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "1.1.1.1"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "1.2.2.1"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "1.2.4"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "erlang/otp", "vendor": "erlang"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[17.0,*]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "26.2.5.17"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "27.3.4.8"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "28.3.2"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "07b8f441ca711f9812fad9e9115bab3c3aa92f79"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "code_commit", "value": "655fb95725ba2fb811740b57e106873833824344"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "code_commit", "value": "3970738f687325138eb75f798054fa8960ac354e"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "code_commit", "value": "696fdec922661d4a3cc528fc34bc24fae8d4ad8a"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "OTP", "source": "cna", "vendor": "Erlang"}, "product": "otp", "vendor": "erlang"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[pkg:otp/inets@5.10,pkg:otp/inets@7.0)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[5.10,7.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "OTP", "source": "cna", "vendor": "Erlang"}, "product": "otp", "vendor": "erlang"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[pkg:otp/tftp@1.0,pkg:otp/tftp@*]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "pkg:otp/tftp@1.1.1.1"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "pkg:otp/tftp@1.2.2.1"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "pkg:otp/tftp@1.2.4"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[1.0,*]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "1.1.1.1"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "1.2.2.1"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "1.2.4"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "OTP", "source": "cna", "vendor": "Erlang"}, "product": "otp", "vendor": "erlang"}], "analysis": {"en": {"generated_at": "2026-04-16T00:01:01.004076+00:00", "value": {"mitigation_remediation": ["Upgrade Erlang OTP to a release that includes the tftp_file module fix (e.g., after commit 3970738f or later).", "If upgrading is not immediately possible, disable or remove the TFTP service from the system.", "Configure the TFTP server to limit the base directory and block traversal patterns or apply firewall rules to restrict TFTP traffic."], "summary": {"action": "Apply Patch", "impact": "Path Traversal allowing arbitrary file access via TFTP"}, "threat_synthesis": {"affected_systems": "All Erlang OTP releases from 1.0, from 5.10 before 7.0, and from 17.0 onward are impacted, including the specific commit ranges referenced in the advisory. The vulnerability resides in the tftp_file module used by the OTP inets and tftp applications.", "description_and_impact": "A relative path traversal flaw in the tftp_file module of Erlang OTP enables an attacker to request files outside the intended directory by including directory traversal characters in a TFTP file request. The weakness is classified as CWE-22 and CWE-23, and if successfully exploited the attacker can read sensitive files on the host system, compromising confidentiality.", "risk_and_exploitability": "The CVSS score of 2.3 indicates low severity, and the EPSS score of less than 1% shows a very low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. It appears to be exploitable via the TFTP service; an attacker who can send a crafted TFTP request containing traversal sequences may read arbitrary files on the server."}}}}, "created": "2026-02-23T14:47:06.889724+00:00", "updated": "2026-04-16T00:15:18.629770+00:00", "vendors": ["erlang", "erlang$PRODUCT$erlang/otp", "erlang$PRODUCT$otp"]}