Description
Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in Erlang/OTP ssl (tls_gen_connection module) allows a network-positioned attacker to inject unauthenticated plaintext that the TLS client application later treats as authenticated server data.

The function tls_gen_connection:handle_protocol_record/3 rejects APPLICATION_DATA records that arrive in pre-handshake states when the TLS endpoint acts as a server, but does not apply the same check when the endpoint acts as a client. A network-positioned attacker can send plaintext APPLICATION_DATA records to the client during the handshake. The records are buffered and, once the handshake completes successfully, delivered to the application as if they were authenticated post-handshake data. The attacker cannot observe the client's response or steer the connection, so the impact is limited to blind injection of unauthenticated bytes. The injection window is wider for TLS versions prior to TLS 1.3 than for TLS 1.3.

This vulnerability is associated with program file lib/ssl/src/tls_gen_connection.erl.

This issue affects OTP from OTP 17.0 before 29.0.3, 28.5.0.3 and 27.3.4.14 corresponding to ssl from 5.3.4 before 11.7.3, 11.6.0.3 and 11.2.12.10. TLS 1.3 is affected starting with OTP 22.0, when TLS 1.3 support was added.
Published: 2026-07-02
Score: 6.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

In Erlang/OTP’s ssl component, the client‑side implementation of tls_gen_connection fails to reject APPLICATION_DATA records received before the TLS handshake is complete. A network‑positioned attacker can therefore send plaintext data during the handshake that is buffered and later returned to the application after the handshake finishes, making the application believe it is authentic server data. The vulnerability does not let the attacker observe the client’s response or steer the connection, so the impact is limited to blind injection of arbitrary bytes into the client application. This can lead to data corruption or unintended application behavior but does not directly provide code execution or remote control.
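The Description and the Impact paragraph above both describe the same record-layer state defect: application-data records accepted before the handshake has finished are buffered and later handed to the application as if they had been protected. The following is an added illustration written for this page, not code from Erlang/OTP or from the advisory. It parses real 5-byte TLS record headers from a constructed byte stream, then runs them through a deliberately simplified per-record state model (a Finished handshake message is treated as the end of the handshake, ChangeCipherSpec and Alert are ignored, and "reject" just records the fragment where a real stack would abort with an alert). The `client_check_fixed` flag, the `RecordDemux` class and the sample stream are assumptions of this example; the point is to see the asymmetric policy deliver the injected bytes and the symmetric policy refuse them.

```python
import struct
from dataclasses import dataclass, field

# TLS record-layer ContentType values (RFC 5246 / RFC 8446)
CHANGE_CIPHER_SPEC, ALERT, HANDSHAKE, APPLICATION_DATA = 20, 21, 22, 23
HS_SERVER_HELLO, HS_FINISHED = 2, 20          # HandshakeType values
TLS12 = 0x0303


def build_record(content_type: int, fragment: bytes, version: int = TLS12) -> bytes:
    """Serialize one TLSPlaintext record: 1-byte type, 2-byte version, 2-byte length, body."""
    return struct.pack("!BHH", content_type, version, len(fragment)) + fragment


def parse_records(stream: bytes):
    """Split a raw byte stream into (content_type, version, fragment) tuples.

    Truncated headers or bodies raise instead of being silently accepted.
    """
    records, offset = [], 0
    while offset < len(stream):
        if len(stream) - offset < 5:
            raise ValueError("truncated record header")
        content_type, version, length = struct.unpack("!BHH", stream[offset:offset + 5])
        fragment = stream[offset + 5:offset + 5 + length]
        if len(fragment) != length:
            raise ValueError("truncated record body")
        records.append((content_type, version, fragment))
        offset += 5 + length
    return records


@dataclass
class RecordDemux:
    """Simplified model of the per-record state check (assumed; not OTP's implementation)."""
    role: str                          # "client" or "server"
    client_check_fixed: bool           # False models the pre-fix asymmetry, True the fix
    handshake_done: bool = False
    buffered: list = field(default_factory=list)   # app data held until the handshake ends
    delivered: list = field(default_factory=list)  # what the application would receive
    rejected: list = field(default_factory=list)   # records refused as unexpected

    def handle_record(self, content_type: int, fragment: bytes) -> None:
        if content_type == HANDSHAKE:
            # Simplification: a Finished message marks the end of the handshake.
            if fragment and fragment[0] == HS_FINISHED:
                self.handshake_done = True
                # Pre-fix behaviour: anything buffered during the handshake is now
                # released to the application as if it were protected data.
                self.delivered.extend(self.buffered)
                self.buffered.clear()
        elif content_type == APPLICATION_DATA:
            if self.handshake_done:
                self.delivered.append(fragment)
            elif self.role == "server" or self.client_check_fixed:
                # The server side already refused early application data; the fix
                # makes the client do the same (a real stack would alert and abort).
                self.rejected.append(fragment)
            else:
                self.buffered.append(fragment)   # the vulnerable client path
        # CHANGE_CIPHER_SPEC and ALERT are ignored by this simplified model


def run(role: str, client_check_fixed: bool) -> tuple:
    """Feed a constructed handshake-plus-injection stream through the model.

    Returns (delivered, rejected) so the two policies can be compared side by side.
    """
    # Constructed sample stream: ServerHello, an unauthenticated APPLICATION_DATA
    # record arriving mid-handshake, Finished, then genuine post-handshake data.
    stream = (
        build_record(HANDSHAKE, bytes([HS_SERVER_HELLO, 0, 0, 2, 3, 3]))
        + build_record(APPLICATION_DATA, b"INJECTED-DURING-HANDSHAKE")
        + build_record(HANDSHAKE, bytes([HS_FINISHED, 0, 0, 12]) + b"\x00" * 12)
        + build_record(APPLICATION_DATA, b"genuine-post-handshake-data")
    )
    demux = RecordDemux(role=role, client_check_fixed=client_check_fixed)
    for content_type, _version, fragment in parse_records(stream):
        demux.handle_record(content_type, fragment)
    return demux.delivered, demux.rejected


if __name__ == "__main__":
    for role, fixed in (("client", False), ("client", True), ("server", False)):
        delivered, rejected = run(role, fixed)
        print(f"{role:6} fixed={fixed!s:5} delivered={delivered} rejected={rejected}")
```

Running the block shows the unpatched client delivering both fragments, while the patched client and the server deliver only the post-handshake record and refuse the early one. The same stream is fed to the server case purely to show the check that side already had; the model does not attempt to distinguish which peer sends which handshake message.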

Affected Systems

The vulnerability exists in Erlang/OTP releases from 17.0 before the fixed releases 29.0.3, 28.5.0.3 and 27.3.4.14, corresponding to ssl versions from 5.3.4 before 11.7.3, 11.6.0.3 and 11.2.12.10. TLS 1.3 is affected from OTP 22.0, the release in which TLS 1.3 support was added.

Risk and Exploitability

With a CVSS score of 6.3 the vulnerability is considered medium. An attacker must be positioned in the network path to the client and must be able to inject packets during the handshake; no active response is required. Because the exploit results in only blind data injection and the EPSS score is not available, the likelihood of widespread exploitation is uncertain. The vulnerability is not currently listed in CISA’s KEV catalog.

Generated by OpenCVE AI on July 3, 2026 at 10:08 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Erlang/OTP to a patched release (29.0.3 or newer, or 28.5.0.3 or newer, or 27.3.4.14 or newer) which includes the client‑side integrity check.
  • If an immediate upgrade is not possible, apply the patch from commit 07d2d0e93f6aaf7652a81e8df075fc1728da5e96 to the ssl module to enforce message integrity in client mode.
  • Deploy a network device or TLS proxy that validates TLS handshake compliance to reject unsolicited APPLICATION_DATA during the handshake, thereby preventing blind injection.

Advisories

No advisories yet.

History

Fri, 03 Jul 2026 12:15:00 +0000

  • References
  • Metrics: removed threat_severity None; added cvssV3_1 {'score': 3.7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N'} and threat_severity Low

Thu, 02 Jul 2026 18:30:00 +0000

  • First Time appeared: Erlang erlang/otp, Erlang otp
  • Vendors & Products: added Erlang erlang/otp, Erlang otp
  • Metrics: added ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 02 Jul 2026 16:45:00 +0000

  • Description: added (the text shown in the Description section above)
  • Title: added "Plaintext APPLICATION_DATA injected during TLS handshake delivered to client application post-handshake in ssl"
  • First Time appeared: Erlang, Erlang erlang/otp
  • Weaknesses: added CWE-924
  • CPEs: added cpe:2.3:a:erlang:erlang/otp:*:*:*:*:*:*:*:*
  • Vendors & Products: added Erlang, Erlang erlang/otp
  • References
  • Metrics: added cvssV4_0 {'score': 6.3, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: EEF

Published:

Updated: 2026-07-03T04:29:42.794Z

Reserved: 2026-06-16T10:47:13.915Z

Link: CVE-2026-54891

Vulnrichment

Updated: 2026-07-02T17:24:46.970Z

NVD

No data.

Red Hat

Severity : Low

Public Date: 2026-07-02T16:06:30Z

Links: CVE-2026-54891 - Bugzilla

OpenCVE Enrichment

Updated: 2026-07-03T10:15:03Z

Weaknesses
  • CWE-924

    Improper Enforcement of Message Integrity During Transmission in a Communication Channel