CVE-2026-42791

OCSP responder certificate validity period not checked in public_key

Previous Page: « Back to all CVEs Next Page: See on OSV.dev »

Weakness Type (CWE)

CWE-295 — CWE-295 Improper Certificate Validation

CAPEC

• CAPEC-475 — CAPEC-475 Signature Spoofing by Improper Validation

CVSS 4.0 Score

6.3

MEDIUM

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N

Vulnerability description

Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_ocsp module) allows forged OCSP responses signed with an expired responder certificate to be accepted as valid.

OCSP response verification in pubkey_ocsp:verify_response/5 and pubkey_ocsp:is_authorized_responder/3 in lib/public_key/src/pubkey_ocsp.erl does not check the validity period (notBefore/notAfter) of the OCSP responder certificate. An attacker who has obtained the private key of an expired CA-designated OCSP responder certificate can forge OCSP responses that Erlang/OTP accepts as valid.

This affects TLS clients using OCSP stapling via the ssl application: a malicious or compromised server can present a revoked TLS certificate together with a forged OCSP response signed by an expired responder key, and the client will accept the revoked certificate as valid. It also affects applications calling public_key:pkix_ocsp_validate/5 directly, where the impact depends on the use case — server-side client certificate validation using this API may allow authentication bypass with a revoked client certificate.

This issue affects OTP from OTP 27.0 before OTP 27.3.4.12, 28.5.0.1, and 29.0.1 corresponding to public_key from 1.16 before 1.17.1.3, 1.20.3.1, and 1.21.1.

Affected

pkg:otp/public_key

Module	Source File	Routine
pubkey_ocsp	src/pubkey_ocsp.erl	pubkey_ocsp:verify_response/5
		pubkey_ocsp:is_authorized_responder/3

Status	Type	Version	Changes / Fixed in
affected	otp ⓘ	1.16	unaffected at 1.17.1.3 unaffected at 1.20.3.1 unaffected at 1.21.1

pkg:github/erlang/otp

Module	Source File	Routine
pubkey_ocsp	lib/public_key/src/pubkey_ocsp.erl	pubkey_ocsp:verify_response/5
		pubkey_ocsp:is_authorized_responder/3

Status	Type	Version	Changes / Fixed in
affected	otp ⓘ	27.0	unaffected at 27.3.4.12 unaffected at 28.5.0.1 unaffected at 29.0.1
affected	git ⓘ	2b1a742c65	unaffected at 7995f1fdae unaffected at b3870e0240

Configurations

For the ssl application, OCSP stapling must be enabled by setting the stapling option to staple in the TLS client options. OCSP stapling is not enabled by default.<p>Applications calling public_key:pkix_ocsp_validate/5 directly are unconditionally affected when that function is used.</p>

Workarounds

• For TLS clients using the ssl application, disable OCSP stapling by setting {stapling, no_staple} in the client options, or switch to CRL-based revocation checking with {crl_check, true}.
• For applications calling public_key:pkix_ocsp_validate/5 directly, validate the responder certificate's validity period in application code before calling the function.

References

• https://github.com/erlang/otp/security/advisories/GHSA-cjxj-wj6x-3fff vendor-advisory related
• https://osv.dev/vulnerability/EEF-CVE-2026-42791 related
• https://github.com/erlang/otp/commit/7995f1fdaee3da569bb810358ce0f546471d169b patch
• https://github.com/erlang/otp/commit/b3870e02405c709a872b01ba6086065620cdfe76 patch

Credits

• Remediation developer: Jakub Witczak
• Remediation reviewer: Ingela Anderton Andin

CVE record as JSON:  GET /cves/CVE-2026-42791.json
OSV record as JSON:  GET /osv/EEF-CVE-2026-42791.json