Zero Day MonitorZDM
DashboardVulnerabilitiesTrendingZero-DaysNewsAbout
Login
ImpressumPrivacy Policy
Zero Day Monitor © 2026
3254 articles · 170411 vulns · 37/41 feeds (7d)
← Back to list
—
CVE-2026-55952EXPLOITEDPATCHED
erlang · otp

TLS 1.3 server denial of service via malformed ClientHello pre-shared key extension

Description

The Erlang/OTP ssl application does not validate that the PSK identity list and binder list carried in a TLS 1.3 ClientHello pre-shared key extension have equal length before passing them to the session ticket handler. In tls_handshake_1_3:handle_pre_shared_key/3, an OfferedPreSharedKeys record with a mismatched number of identities and binders is forwarded directly to tls_server_session_ticket:use/4, which crashes the session ticket handler process. An unauthenticated remote attacker can send a single crafted ClientHello to a TLS 1.3 server with session tickets enabled (stateful or stateless mode) and permanently disrupt session ticket handling on that listener. New TLS 1.3 handshakes complete but subsequently crash when the server attempts to issue a session ticket, effectively making TLS 1.3 unusable on the affected listener until the ssl application is restarted. TLS 1.2 connections are not affected. This issue affects OTP from 22.2 before 29.0.3, 28.5.0.3 and 27.3.4.14 corresponding to ssl from 9.5 before 11.7.3, 11.6.0.3 and 11.2.12.10.

Affected Products

VendorProductVersions
erlangotp9.5, 22.2, 339a279f02ce38a7b23010e56000613e19abb21f

Also Affects

Downstream vendors/products affected by this vulnerability

VendorProductSourceConfidence
open sourceerlang/otpcert_advisory90%

References

  • https://github.com/erlang/otp/security/advisories/GHSA-8c57-44c9-pc59(vendor-advisory, related)
  • https://cna.erlef.org/cves/CVE-2026-55952.html(related)
  • https://osv.dev/vulnerability/EEF-CVE-2026-55952(related)
  • https://www.erlang.org/doc/system/versions.html#order-of-versions(x_version-scheme)
  • https://github.com/erlang/otp/commit/e77823e6d980b2ec0b4fe4ea3f2d098ca239e3ce(patch)
  • https://github.com/erlang/otp/commit/2c3e599797644310e5d4aa39c7193420e59dadff(patch)
  • https://github.com/erlang/otp/commit/9b5437c72fa3403a75c1aba28e5c532bc191c662(patch)

Related News (3 articles)

Tier B
CCCS Canada3h ago
Erlang security advisory (AV26-651)
→ No new info (linked only)
Tier B
BSI Advisories11h ago
[NEU] [mittel] Erlang/OTP: Mehrere Schwachstellen
→ No new info (linked only)
Tier C
VulDB1d ago
CVE-2026-55952 | Erlang OTP up to 29.0.2 ClientHello improper validation of specified quantity in input
→ No new info (linked only)
CISA KEV❌ No
Actively exploited✅ Yes
Patch available
*
CWECWE-1284
PublishedJul 2, 2026
Last enriched1d agov2
Tags
CVE-2026-55952denial-of-servicetls 1.3dtlssession tickets
Trending Score52
Source articles3
Independent3
Info Completeness8/14
Missing: cvss, epss, kev, exploit, iocs, mitre_attack

Community Vote

0
Login to vote
0 upvotes0 downvotes
No votes yet

Related CVEs (5)

NONECVE-2026-55950EXP
DTLS listener crash via race condition in dtls_packet_demux causes denial of service for all sessions
Trending: 58
NONECVE-2026-54886EXP
SSH SFTP server denial of service via extended channel data infinite loop
Trending: 49
NONECVE-2026-53422
SFTP REALPATH path-existence oracle allowing filesystem enumeration outside configured root
Trending: 30
NONECVE-2026-54887
DTLS server cookie bypass during startup window due to empty initial cookie secret
Trending: 30
NONECVE-2026-54891
Plaintext APPLICATION_DATA injected during TLS handshake delivered to client application post-handshake in ssl
Trending: 30

Pin to Dashboard

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published
Jul 2, 2026
Discovered by ZDM
Jul 2, 2026
Updated: severity, affectedVersions, activelyExploited, tags
Jul 2, 2026
Actively Exploited
Jul 3, 2026
Patch Available
Jul 3, 2026

Version History

v2
Last enriched 1d ago
v2Tier C1d ago

Updated severity to CRITICAL, added affected version 29.0.2, and noted that no exploit is available.

severityaffectedVersionsactivelyExploitedtags
via VulDB
v11d ago

Initial creation