CVE-2026-54887: CWE-1394 Use of Default Cryptographic Key in Erlang OTP

Medium
Type: Vulnerability
Tags: CVE-2026-54887, cve, cve-2026-54887, cwe-1394
Published: 07/02/2026 (07/02/2026, 16:06:04 UTC)
Source: CVE Database V5
Vendor/Project: Erlang
Product: OTP

Description

CVE-2026-54887 is a medium-severity vulnerability in the DTLS server implementation of Erlang/OTP's ssl application. The server uses a default cryptographic key during startup, which makes DTLS cookie computation predictable. An attacker who can observe the plaintext ClientHello message can therefore bypass source address verification within the first 0 to 15 seconds after server startup. The vulnerability affects OTP versions from 20.0 up to but not including 29.0.3, 28.5.0.3, and 27.3.4.14, which corresponds to ssl versions from 8.2 up to but not including 11.7.3, 11.6.0.3, and 11.2.12.10. The DTLS cookie is intended as a denial-of-service mitigation, not an authentication mechanism, so this bypass could allow handshake amplification with spoofed source addresses during the startup window.

CVSS v4.0

Score: 6.3 (Medium)

Attack Vector: Network
Attack Complexity: Low
Attack Requirements: Present
Privileges Required: None
User Interaction: None
Vuln. Confidentiality: None
Vuln. Integrity: None
Vuln. Availability: Low
Subsq. Confidentiality: None
Subsq. Integrity: None
Subsq. Availability: None
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected software

ssl
pkg:github/ssl
Affected versions: =8.2

erlang/otp
pkg:github/erlang/otp
Affected versions: =20.0

CPE configurations:
cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*

AI-Powered Analysis

Machine-generated threat intelligence

AI analysis last updated: 07/02/2026, 18:21:49 UTC

Technical Analysis

This vulnerability arises because the DTLS server in Erlang/OTP initializes the previous_cookie_secret to an empty binary at startup instead of a random value. Since HMAC with an empty key is deterministic, an attacker observing the ClientHello message can compute a valid DTLS cookie before the first secret rotation occurs (within 0 to 15 seconds). This allows bypassing source address verification, which is designed to prevent denial-of-service attacks by verifying the client's IP address. The issue is located in the dtls_server_connection:initial_hello/3 function in the Erlang ssl library. Affected versions include OTP 20.0 up to but not including 29.0.3, 28.5.0.3, and 27.3.4.14, and ssl versions from 8.2 up to but not including 11.7.3, 11.6.0.3, and 11.2.12.10.
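
The startup condition described above, as an added example: a simplified Python model of a cookie check that accepts the current and the previous secret. It is not code from Erlang/OTP. The cookie input layout, the class and function names, and the hardened initialisation (a random previous secret) are assumptions made for illustration, not the vendor's fix.

```python
import hashlib
import hmac
import os

# Constructed sample inputs; a real server derives these from the datagram.
ADDR = b"192.0.2.10:40000"
HELLO = b"constructed-client-hello-fields"


def cookie(secret: bytes, addr: bytes, hello: bytes) -> bytes:
    # Simplified cookie: HMAC over client address and ClientHello fields.
    return hmac.new(secret, addr + hello, hashlib.sha256).digest()


class CookieVerifier:
    """Toy model of a cookie check that accepts the current and previous secret."""

    def __init__(self, random_previous: bool):
        self.current = os.urandom(32)
        # Flawed startup: previous secret is an empty key until first rotation.
        # Hardened startup: previous secret is random from the first packet on.
        self.previous = os.urandom(32) if random_previous else b""

    def issue(self, addr: bytes, hello: bytes) -> bytes:
        return cookie(self.current, addr, hello)

    def verify(self, addr: bytes, hello: bytes, presented: bytes) -> bool:
        return any(
            hmac.compare_digest(cookie(s, addr, hello), presented)
            for s in (self.current, self.previous)
        )

    def rotate(self) -> None:
        # Called every 15 seconds in this model (the window the page gives).
        self.previous, self.current = self.current, os.urandom(32)


def accepts_empty_key_cookie(v: CookieVerifier) -> bool:
    # Regression check: a cookie made with no secret at all must be rejected.
    return v.verify(ADDR, HELLO, cookie(b"", ADDR, HELLO))


if __name__ == "__main__":
    flawed, fixed = CookieVerifier(False), CookieVerifier(True)
    print("flawed, at startup:    ", accepts_empty_key_cookie(flawed))
    flawed.rotate()
    print("flawed, after rotation:", accepts_empty_key_cookie(flawed))
    print("hardened, at startup:  ", accepts_empty_key_cookie(fixed))
```

The same check, run against a freshly started verifier, works as a regression test for any cookie implementation that keeps a previous secret.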

Potential Impact

An attacker capable of observing plaintext ClientHello messages during the server startup window can bypass source address verification in the DTLS handshake. This bypass undermines the denial-of-service mitigation mechanism, potentially enabling handshake amplification attacks with spoofed source IP addresses. However, this does not compromise authentication or confidentiality directly. The vulnerability is limited to a short time window (0 to 15 seconds) after server startup before the cookie secret rotates to a random value.

Mitigation Recommendations

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. No official fix or patch information is provided in the available data. Until a patch is available, consider minimizing server restarts or monitoring DTLS handshake behavior during startup. Avoid relying solely on DTLS cookie verification during the initial startup window for critical security decisions.

Technical Details

Data Version: 5.2
Assigner Short Name: EEF
Date Reserved: 2026-06-16T10:47:13.915Z
CVSS Version: 4.0
State: PUBLISHED
Remediation Level: null

Threat ID: 6a46a8b827e9c79719cc4ab5

Added to database: 07/02/2026, 18:06:48 UTC

Last enriched: 07/02/2026, 18:21:49 UTC

Last updated: 07/02/2026, 19:02:35 UTC
