CVE-2026-42791: CWE-295 Improper Certificate Validation in Erlang OTP
Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_ocsp module) allows forged OCSP responses signed with an expired responder certificate to be accepted as valid. OCSP response verification in pubkey_ocsp:verify_response/5 and pubkey_ocsp:is_authorized_responder/3 in lib/public_key/src/pubkey_ocsp.erl does not check the validity period (notBefore/notAfter) of the OCSP responder certificate. An attacker who has obtained the private key of an expired CA-designated OCSP responder certificate can forge OCSP responses that Erlang/OTP accepts as valid. This affects TLS clients using OCSP stapling via the ssl application: a malicious or compromised server can present a revoked TLS certificate together with a forged OCSP response signed by an expired responder key, and the client will accept the revoked certificate as valid. It also affects applications calling public_key:pkix_ocsp_validate/5 directly, where the impact depends on the use case — server-side client certificate validation using this API may allow authentication bypass with a revoked client certificate. This issue affects OTP from OTP 27.0 before OTP 27.3.4.12, 28.5.0.1, and 29.0.1 corresponding to public_key from 1.16 before 1.17.1.3, 1.20.3.1, and 1.21.1.
AI Analysis
Technical Summary
This vulnerability arises from improper certificate validation (CWE-295) in the Erlang OTP public_key module's OCSP response verification functions (pubkey_ocsp:verify_response/5 and pubkey_ocsp:is_authorized_responder/3). Specifically, the validity period (notBefore/notAfter) of the OCSP responder certificate is not checked, enabling attackers who have access to the private key of an expired OCSP responder certificate to forge OCSP responses. Affected OTP versions include 27.0 before 27.3.4.12, 28.5.0.1, and 29.0.1, with corresponding public_key versions prior to 1.17.1.3, 1.20.3.1, and 1.21.1. This flaw can cause TLS clients using OCSP stapling to accept revoked certificates as valid and may allow authentication bypass in server-side client certificate validation scenarios.
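The validity-period check that the summary describes as missing, written as a standalone function over a DER-encoded responder certificate. This is an added example, not OTP source and not the vendor's fix; the module name `responder_validity` and its functions are hypothetical, and it assumes the `otp` decode returns the validity times as `{utcTime | generalTime, String}` tuples.

```erlang
%% Added example (hypothetical module, not part of OTP).
-module(responder_validity).
-export([check/1, check/2, in_window/3]).
-include_lib("public_key/include/public_key.hrl").

%% check(Der) -> ok | {error, not_yet_valid | expired}
%% Der is the DER encoding of the OCSP responder certificate.
check(Der) ->
    check(Der, calendar:universal_time()).

%% Now is a UTC calendar:datetime(); passing it explicitly makes the
%% check reproducible in tests.
check(Der, Now) when is_binary(Der) ->
    #'OTPCertificate'{tbsCertificate = Tbs} =
        public_key:pkix_decode_cert(Der, otp),
    #'OTPTBSCertificate'{validity = Validity} = Tbs,
    #'Validity'{notBefore = NotBefore, notAfter = NotAfter} = Validity,
    in_window(to_datetime(NotBefore), to_datetime(NotAfter), Now).

%% Both bounds are inclusive. Datetime tuples compare correctly under
%% Erlang term ordering because every element is an integer.
in_window(NotBefore, _NotAfter, Now) when Now < NotBefore ->
    {error, not_yet_valid};
in_window(_NotBefore, NotAfter, Now) when Now > NotAfter ->
    {error, expired};
in_window(_NotBefore, _NotAfter, _Now) ->
    ok.

%% UTCTime carries a two-digit year: 50..99 means 19YY, 00..49 means
%% 20YY (RFC 5280, section 4.1.2.5.1). GeneralizedTime is YYYYMMDDHHMMSSZ.
to_datetime({utcTime, [Y1, Y2 | Rest]}) ->
    Century = case list_to_integer([Y1, Y2]) of
                  YY when YY >= 50 -> "19";
                  _ -> "20"
              end,
    to_datetime({generalTime, Century ++ [Y1, Y2 | Rest]});
to_datetime({generalTime,
             [Y1, Y2, Y3, Y4, M1, M2, D1, D2, H1, H2, N1, N2, S1, S2, $Z]}) ->
    {{list_to_integer([Y1, Y2, Y3, Y4]),
      list_to_integer([M1, M2]),
      list_to_integer([D1, D2])},
     {list_to_integer([H1, H2]),
      list_to_integer([N1, N2]),
      list_to_integer([S1, S2])}}.
```

A responder certificate whose window does not contain the validation time should cause the OCSP response to be rejected, regardless of whether its signature verifies.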
Potential Impact
The vulnerability allows acceptance of forged OCSP responses signed by expired responder certificates, which can lead to acceptance of revoked TLS certificates by clients using OCSP stapling. This undermines the trust model of certificate revocation checking and can result in authentication bypass or acceptance of revoked certificates. The impact depends on the use case, but it affects TLS client validation and applications using the public_key:pkix_ocsp_validate/5 API for certificate validation.
Mitigation Recommendations
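Patch status is not yet confirmed; check the vendor advisory for current remediation guidance. The description above bounds the affected ranges at OTP 27.3.4.12, 28.5.0.1, and 29.0.1 (public_key 1.17.1.3, 1.20.3.1, and 1.21.1), so confirm against the advisory whether those releases carry the fix. Until an official fix is released, users should consider alternative certificate validation methods or avoid relying solely on OCSP stapling with affected Erlang OTP versions. Monitor Erlang's official channels for updates and apply patches promptly once available.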
CVSS v4.0
Score: 6.3 (Medium)
Technical Details
- Data Version: 5.2
- Assigner Short Name: EEF
- Date Reserved: 2026-04-29T18:06:33.251Z
- CVSS Version: 4.0
- State: PUBLISHED
- Remediation Level: null
Threat ID: 6a16f9d5e29bf47b50c0e945
Added to database: 5/27/2026, 2:04:05 PM
Last enriched: 5/27/2026, 3:18:41 PM
Last updated: 5/29/2026, 2:55:57 PM