Description
Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_ocsp module) allows OCSP designated-responder authorization bypass via missing signature verification.

The OCSP response validation in public_key:pkix_ocsp_validate/5 does not verify that a CA-designated responder certificate was cryptographically signed by the issuing CA. Instead, it only checks that the responder certificate's issuer name matches the CA's subject name and that the certificate has the OCSPSigning extended key usage. An attacker who can intercept or control OCSP responses can create a self-signed certificate with a matching issuer name and the OCSPSigning EKU, and use it to forge OCSP responses that mark revoked certificates as valid.

This affects SSL/TLS clients using OCSP stapling, which may accept connections to servers with revoked certificates, potentially transmitting sensitive data to compromised servers. Applications using the public_key:pkix_ocsp_validate/5 API directly are also affected, with impact depending on usage context.

This vulnerability is associated with program files lib/public_key/src/pubkey_ocsp.erl and program routines pubkey_ocsp:is_authorized_responder/3.

This issue affects OTP from OTP 27.0 until OTP 28.4.2 and 27.3.4.10 corresponding to public_key from 1.16 until 1.20.3 and 1.17.1.2, and ssl from 11.2 until 11.5.4 and 11.2.12.7.
Published: 2026-04-07
Score: 7.6 High
EPSS: < 1% Very Low
KEV: No
Impact: Authorization bypass that permits forged OCSP responses to be accepted, allowing an attacker to trick TLS clients into using certificates that are actually revoked
Action: Immediate Patch
AI Analysis

Impact

The Vulnerability OCSP designated‑responder authorization bypass originates from the public_key:pkix_ocsp_validate/5 function in Erlang OTP, which fails to verify that a CA‑designated responder certificate is cryptographically signed by its issuing CA. Instead, it only checks for a matching issuer name and the presence of the OCSPSigning extended key usage. This flaw, classified as CWE‑295 and CWE‑347, enables an attacker who can influence or intercept OCSP responses to construct a self‑signed responder certificate with a matching issuer name and the required EKU, thereby forging OCSP responses that falsely mark revoked certificates as valid. The consequence is that SSL/TLS clients accepting such stapled responses may establish connections to servers whose certificates have been revoked, potentially exposing sensitive data to malicious servers.

Affected Systems

The flaw affects Erlang: OTP versions from 27.0 through 28.4.2 and 27.3.4.10, which correspond to public_key releases 1.16 through 1.20.3 and 1.17.1.2, as well as ssl releases 11.2 through 11.5.4 and 11.2.12.7. No other vendors or products are listed in the CNA data.

Risk and Exploitability

With a CVSS base score of 7.6 the vulnerability is considered high risk. The EPSS score is not available, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. Based on the description, exploitation likely requires the attacker to control or observe OCSP traffic, such as by operating a malicious OCSP responder or performing a man‑in‑the‑middle attack. If successful, the attacker can forge responses and cause TLS clients to accept revoked certificates, potentially exposing confidentiality and integrity of the transported data.

Generated by OpenCVE AI on April 8, 2026 at 01:54 UTC.

Remediation

Vendor Workaround

For SSL users: * Do not enable OCSP validation setting (current default is {stapling, no_staple}) * Use CRL-based revocation checking by setting the {crl_check, true} SSL option instead For applications using public_key:pkix_ocsp_validate/5 directly: * Pass {is_trusted_responder_fun, Fun} option with a function that validates trusted responder certificates * Restrict OCSP responder access to trusted endpoints via network controls (only applicable if you control the OCSP infrastructure)

OpenCVE Recommended Actions

  • Upgrade Erlang/OTP to a version that includes the public_key patch (e.g., OTP 28.5 or later) along with any subsequent SSL updates (e.g., ssl 11.5.5 or later).
  • If an upgrade is not immediately feasible, disable OCSP stapling in SSL by setting the {stapling, no_staple} option.
  • Enable CRL‑based revocation checking by configuring the {crl_check, true} SSL option as an alternative to stapling.
  • For applications that directly call public_key:pkix_ocsp_validate/5, supply an {is_trusted_responder_fun, Fun} option where Fun validates responder certificates against a trusted list.
  • Restrict network access to OCSP responder services to trusted endpoints so that only authorized entities can provide OCSP responses.

Generated by OpenCVE AI on April 8, 2026 at 01:54 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 23 Apr 2026 17:45:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N'}

 cvssV3_1

{'score': 7.4, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N'}

Thu, 23 Apr 2026 17:30:00 +0000

Type Values Removed Values Added
First Time appeared Erlang erlang\/public Key
Erlang erlang\/ssl
CPEs cpe:2.3:a:erlang:erlang\/public_key:*:*:*:*:*:*:*:*
cpe:2.3:a:erlang:erlang\/ssl:*:*:*:*:*:*:*:*
Vendors & Products Erlang erlang\/public Key
Erlang erlang\/ssl
Metrics cvssV3_1

{'score': 7.4, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N'}

 cvssV3_1

{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N'}

Wed, 08 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Erlang erlang/otp
Erlang otp
Vendors & Products Erlang erlang/otp
Erlang otp

Wed, 08 Apr 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-347
References
Metrics threat_severity

None

 cvssV3_1

{'score': 7.4, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N'}

threat_severity

Important

Tue, 07 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
Description Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_ocsp module) allows OCSP designated-responder authorization bypass via missing signature verification. The OCSP response validation in public_key:pkix_ocsp_validate/5 does not verify that a CA-designated responder certificate was cryptographically signed by the issuing CA. Instead, it only checks that the responder certificate's issuer name matches the CA's subject name and that the certificate has the OCSPSigning extended key usage. An attacker who can intercept or control OCSP responses can create a self-signed certificate with a matching issuer name and the OCSPSigning EKU, and use it to forge OCSP responses that mark revoked certificates as valid. This affects SSL/TLS clients using OCSP stapling, which may accept connections to servers with revoked certificates, potentially transmitting sensitive data to compromised servers. Applications using the public_key:pkix_ocsp_validate/5 API directly are also affected, with impact depending on usage context. This vulnerability is associated with program files lib/public_key/src/pubkey_ocsp.erl and program routines pubkey_ocsp:is_authorized_responder/3. This issue affects OTP from OTP 27.0 until OTP 28.4.2 and 27.3.4.10 corresponding to public_key from 1.16 until 1.20.3 and 1.17.1.2, and ssl from 11.2 until 11.5.4 and 11.2.12.7.
Title OCSP designated-responder authorization bypass via missing signature verification
First Time appeared Erlang
Erlang erlang\/otp
Weaknesses CWE-295
CPEs cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
Vendors & Products Erlang
Erlang erlang\/otp
References
Metrics cvssV4_0

{'score': 7.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Subscriptions

Erlang Erlang/otp Erlang\/otp Erlang\/public Key Erlang\/ssl Otp
cve-icon MITRE

Status: PUBLISHED

Assigner: EEF

Published:

Updated: 2026-04-07T14:38:03.763Z

Reserved: 2026-03-10T22:37:29.212Z

Link: CVE-2026-32144

cve-icon Vulnrichment

Updated: 2026-04-07T13:15:16.503Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-07T13:16:46.570

Modified: 2026-04-23T17:32:55.830

Link: CVE-2026-32144

cve-icon Redhat

Severity : Important

Publid Date: 2026-04-07T12:28:00Z

Links: CVE-2026-32144 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-08T19:49:43Z

Weaknesses