CVE-2026-54891
Awaiting Analysis Awaiting Analysis - Queue

Improper Message Integrity Enforcement in Erlang/OTP SSL

Vulnerability report for CVE-2026-54891, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-02

Last updated on: 2026-07-02

Assigner: EEF

Description

Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in Erlang/OTP ssl (tls_gen_connection module) allows a network-positioned attacker to inject unauthenticated plaintext that the TLS client application later treats as authenticated server data. The function tls_gen_connection:handle_protocol_record/3 rejects APPLICATION_DATA records that arrive in pre-handshake states when the TLS endpoint acts as a server, but does not apply the same check when the endpoint acts as a client. A network-positioned attacker can send plaintext APPLICATION_DATA records to the client during the handshake. The records are buffered and, once the handshake completes successfully, delivered to the application as if they were authenticated post-handshake data. The attacker cannot observe the client's response or steer the connection, so the impact is limited to blind injection of unauthenticated bytes. The injection window is wider for TLS versions prior to TLS 1.3 than for TLS 1.3. This vulnerability is associated with program file lib/ssl/src/tls_gen_connection.erl. This issue affects OTP from OTP 17.0 before 29.0.3, 28.5.0.3 and 27.3.4.14 corresponding to ssl from 5.3.4 before 11.7.3, 11.6.0.3 and 11.2.12.10. TLS 1.3 is affected starting with OTP 22.0, when TLS 1.3 support was added.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-02
Last Modified
2026-07-02
Generated
2026-07-03
AI Q&A
2026-07-02
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 8 associated CPEs
Vendor Product Version / Range
erlang otp 17.0
erlang otp to 29.0.3 (exc)
erlang otp 28.5.0.3
erlang otp 27.3.4.14
erlang ssl 5.3.4
erlang ssl to 11.7.3 (exc)
erlang ssl 11.6.0.3
erlang ssl 11.2.12.10

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-924 The product establishes a communication channel with an endpoint and receives a message from that endpoint, but it does not sufficiently ensure that the message was not modified during transmission.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Impact Analysis

This vulnerability allows a network-positioned attacker to inject unauthenticated plaintext data into a TLS client during the handshake process.

The injected data is delivered to the client application after the handshake completes, potentially misleading the client into treating unauthenticated data as if it were authenticated server data.

However, the attacker cannot observe the client's response or steer the connection, limiting the impact to blind injection without control over the connection.

The injection window is wider for TLS versions prior to TLS 1.3, meaning older TLS versions are more vulnerable to this attack.

Executive Summary

CVE-2026-54891 is a vulnerability in the Erlang/OTP ssl module, specifically in the tls_gen_connection module, where a network-positioned attacker can inject unauthenticated plaintext APPLICATION_DATA during the TLS handshake.

The issue arises because the function tls_gen_connection:handle_protocol_record/3 rejects APPLICATION_DATA records in pre-handshake states only when the TLS endpoint acts as a server, but does not apply this check when acting as a client.

As a result, an attacker can send plaintext APPLICATION_DATA records to the client during the handshake. These records are buffered and, once the handshake completes successfully, delivered to the application as if they were authenticated post-handshake data.

The attacker cannot observe the client's response or control the connection, so the impact is limited to blind injection of unauthenticated bytes. The vulnerability affects TLS versions prior to TLS 1.3 more severely than TLS 1.3.

Detection Guidance

This vulnerability involves the injection of unauthenticated plaintext APPLICATION_DATA records during the TLS handshake, which are then accepted by the TLS client after handshake completion. Detection would involve monitoring TLS handshake traffic for unexpected plaintext application data packets sent to the client before handshake completion.

Since the attacker injects plaintext APPLICATION_DATA during the handshake, network monitoring tools could be used to detect such anomalies by inspecting TLS handshake packets for unexpected application data records.

However, no specific detection commands or tools are provided in the available resources.

Mitigation Strategies

The primary mitigation is to upgrade the Erlang/OTP and ssl versions to the fixed releases where this vulnerability has been addressed.

  • Upgrade OTP to version 29.0.3, 28.5.0.3, or 27.3.4.14 or later.
  • Upgrade the ssl application to versions 11.7.3, 11.6.0.3, or 11.2.12.10 or later.

These updates include hardening in the tls_gen_connection module that reject unexpected application data before handshake completion, terminating the connection with a fatal alert if such data is detected.

Compliance Impact

This vulnerability allows a network-positioned attacker to inject unauthenticated plaintext data into a TLS client during the handshake, which the client later treats as authenticated server data. Although the attacker cannot observe or control the client's response, the injection of unauthenticated data could potentially undermine the integrity and confidentiality guarantees expected from TLS communications.

Such a weakness in the TLS communication channel could impact compliance with standards and regulations like GDPR and HIPAA, which require protection of data integrity and confidentiality during transmission. The improper enforcement of message integrity may lead to risks of data tampering or injection attacks, which could be considered a failure to adequately protect sensitive data in transit.

However, the specific impact on compliance depends on the context of use, the sensitivity of the data transmitted, and whether the affected systems have implemented the patched versions that fix this vulnerability.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-54891. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart