Description
Relative Path Traversal, Improper Isolation or Compartmentalization vulnerability in erlang otp erlang/otp (tftp_file modules), erlang otp inets (tftp_file modules), erlang otp tftp (tftp_file modules) allows Relative Path Traversal. This vulnerability is associated with program files lib/tftp/src/tftp_file.erl, src/tftp_file.erl.

This issue affects otp: from 17.0, from 07b8f441ca711f9812fad9e9115bab3c3aa92f79; otp: from 5.10 before 7.0; otp: from 1.0.
Published: 2026-02-20
Score: 2.3 Low
EPSS: < 1% Very Low
KEV: No
Impact: Path Traversal allowing arbitrary file access via TFTP
Action: Apply Patch
AI Analysis

Impact

A relative path traversal flaw in the tftp_file module of Erlang OTP enables an attacker to request files outside the intended directory by including directory traversal characters in a TFTP file request. The weakness is classified as CWE-22 and CWE-23, and if successfully exploited the attacker can read sensitive files on the host system, compromising confidentiality.

Affected Systems

All Erlang OTP releases from 1.0, from 5.10 before 7.0, and from 17.0 onward are impacted, including the specific commit ranges referenced in the advisory. The vulnerability resides in the tftp_file module used by the OTP inets and tftp applications.

Risk and Exploitability

The CVSS score of 2.3 indicates low severity, and the EPSS score of less than 1% shows a very low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. It appears to be exploitable via the TFTP service; an attacker who can send a crafted TFTP request containing traversal sequences may read arbitrary files on the server.

Generated by OpenCVE AI on April 16, 2026 at 00:01 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Erlang OTP to a release that includes the tftp_file module fix (e.g., after commit 3970738f or later).
  • If upgrading is not immediately possible, disable or remove the TFTP service from the system.
  • Configure the TFTP server to limit the base directory and block traversal patterns or apply firewall rules to restrict TFTP traffic.

Generated by OpenCVE AI on April 16, 2026 at 00:01 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 06 Apr 2026 16:45:00 +0000

Type Values Removed Values Added
References

Mon, 23 Feb 2026 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Erlang erlang/otp
Erlang otp
Vendors & Products Erlang erlang/otp
Erlang otp

Sat, 21 Feb 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-22
References
Metrics threat_severity

None

 cvssV3_1

{'score': 4.2, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N'}

threat_severity

Moderate

Fri, 20 Feb 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 20 Feb 2026 13:15:00 +0000

Type Values Removed Values Added
Description Relative Path Traversal, Improper Isolation or Compartmentalization vulnerability in erlang otp erlang/otp (tftp_file modules), erlang otp inets (tftp_file modules), erlang otp tftp (tftp_file modules) allows Relative Path Traversal. This vulnerability is associated with program files lib/tftp/src/tftp_file.erl, src/tftp_file.Erl. This issue affects otp: from 17.0, from 07b8f441ca711f9812fad9e9115bab3c3aa92f79; otp: from 5.10 before 7.0; otp: from 1.0. Relative Path Traversal, Improper Isolation or Compartmentalization vulnerability in erlang otp erlang/otp (tftp_file modules), erlang otp inets (tftp_file modules), erlang otp tftp (tftp_file modules) allows Relative Path Traversal. This vulnerability is associated with program files lib/tftp/src/tftp_file.erl, src/tftp_file.erl. This issue affects otp: from 17.0, from 07b8f441ca711f9812fad9e9115bab3c3aa92f79; otp: from 5.10 before 7.0; otp: from 1.0.

Fri, 20 Feb 2026 11:15:00 +0000

Type Values Removed Values Added
Description Relative Path Traversal, Improper Isolation or Compartmentalization vulnerability in erlang otp erlang/otp (tftp_file modules), erlang otp inets (tftp_file modules), erlang otp tftp (tftp_file modules) allows Relative Path Traversal. This vulnerability is associated with program files lib/tftp/src/tftp_file.erl, src/tftp_file.Erl. This issue affects otp: from 17.0, from 07b8f441ca711f9812fad9e9115bab3c3aa92f79; otp: from 5.10 before 7.0; otp: from 1.0.
Title TFTP Path Traversal
First Time appeared Erlang
Erlang erlang\/otp
Weaknesses CWE-23
CPEs cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
Vendors & Products Erlang
Erlang erlang\/otp
References
Metrics cvssV4_0

{'score': 2.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Erlang Erlang/otp Erlang\/otp Otp
cve-icon MITRE

Status: PUBLISHED

Assigner: EEF

Published:

Updated: 2026-04-07T14:38:08.771Z

Reserved: 2026-01-01T03:46:45.934Z

Link: CVE-2026-21620

cve-icon Vulnrichment

Updated: 2026-02-20T13:36:19.383Z

cve-icon NVD

Status : Deferred

Published: 2026-02-20T11:15:56.783

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-21620

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-02-20T10:57:08Z

Links: CVE-2026-21620 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T00:15:18Z

Weaknesses