{"schema_version":"1.7.2","id":"OESA-2026-2705","modified":"2026-06-24T13:11:15Z","published":"2026-06-24T13:11:15Z","upstream":["CVE-2026-21620"],"summary":"erlang security update","details":"Erlang is a general-purpose programming language and runtime\nenvironment. Erlang has built-in support for concurrency, distribution\nand fault tolerance. Erlang is used in several large telecommunication\nsystems from Ericsson.\r\n\r\n\nSecurity Fix(es):\n\nRelative Path Traversal, Improper Isolation or Compartmentalization vulnerability in erlang otp erlang/otp (tftp_file modules), erlang otp inets (tftp_file modules), erlang otp tftp (tftp_file modules) allows Relative Path Traversal. This vulnerability is associated with program files lib/tftp/src/tftp_file.erl, src/tftp_file.erl.\n\nThis issue affects otp: from 17.0, from 07b8f441ca711f9812fad9e9115bab3c3aa92f79; otp: from 5.10 before 7.0; otp: from 1.0.(CVE-2026-21620)","affected":[{"package":{"ecosystem":"openEuler:24.03-LTS-SP1","name":"erlang","purl":"pkg:rpm/openEuler/erlang&distro=openEuler-24.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"25.3.2.6-15.oe2403sp1"}]}],"ecosystem_specific":{"aarch64":["erlang-25.3.2.6-15.oe2403sp1.aarch64.rpm","erlang-asn1-25.3.2.6-15.oe2403sp1.aarch64.rpm","erlang-common_test-25.3.2.6-15.oe2403sp1.aarch64.rpm","erlang-compiler-25.3.2.6-15.oe2403sp1.aarch64.rpm","erlang-crypto-25.3.2.6-15.oe2403sp1.aarch64.rpm","erlang-debugger-25.3.2.6-15.oe2403sp1.aarch64.rpm","erlang-debuginfo-25.3.2.6-15.oe2403sp1.aarch64.rpm","erlang-debugsource-25.3.2.6-15.oe2403sp1.aarch64.rpm","erlang-dialyzer-25.3.2.6-15.oe2403sp1.aarch64.rpm","erlang-diameter-25.3.2.6-15.oe2403sp1.aarch64.rpm","erlang-edoc-25.3.2.6-15.oe2403sp1.aarch64.rpm","erlang-eldap-25.3.2.6-15.oe2403sp1.aarch64.rpm","erlang-erl_docgen-25.3.2.6-15.oe2403sp1.aarch64.rpm","erlang-erl_interface-25.3.2.6-15.oe2403sp1.aarch64.rpm","erlang-erts-25.3.2.6-15.oe2403sp1.aarch64.rpm","erlang-et-25.3.2.6-15.oe2403sp1.aarch64.rpm","erlang-eunit-25.3.2.6-15.oe2403sp1.aarch64.rpm","erlang-examples-25.3.2.6-15.oe2403sp1.aarch64.rpm","erlang-ftp-25.3.2.6-15.oe2403sp1.aarch64.rpm","erlang-inets-25.3.2.6-15.oe2403sp1.aarch64.rpm","erlang-jinterface-25.3.2.6-15.oe2403sp1.aarch64.rpm","erlang-kernel-25.3.2.6-15.oe2403sp1.aarch64.rpm","erlang-megaco-25.3.2.6-15.oe2403sp1.aarch64.rpm","erlang-mnesia-25.3.2.6-15.oe2403sp1.aarch64.rpm","erlang-observer-25.3.2.6-15.oe2403sp1.aarch64.rpm","erlang-odbc-25.3.2.6-15.oe2403sp1.aarch64.rpm","erlang-os_mon-25.3.2.6-15.oe2403sp1.aarch64.rpm","erlang-parsetools-25.3.2.6-15.oe2403sp1.aarch64.rpm","erlang-public_key-25.3.2.6-15.oe2403sp1.aarch64.rpm","erlang-reltool-25.3.2.6-15.oe2403sp1.aarch64.rpm","erlang-runtime_tools-25.3.2.6-15.oe2403sp1.aarch64.rpm","erlang-sasl-25.3.2.6-15.oe2403sp1.aarch64.rpm","erlang-snmp-25.3.2.6-15.oe2403sp1.aarch64.rpm","erlang-src-25.3.2.6-15.oe2403sp1.aarch64.rpm","erlang-ssh-25.3.2.6-15.oe2403sp1.aarch64.rpm","erlang-ssl-25.3.2.6-15.oe2403sp1.aarch64.rpm","erlang-stdlib-25.3.2.6-15.oe2403sp1.aarch64.rpm","erlang-syntax_tools-25.3.2.6-15.oe2403sp1.aarch64.rpm","erlang-tftp-25.3.2.6-15.oe2403sp1.aarch64.rpm","erlang-tools-25.3.2.6-15.oe2403sp1.aarch64.rpm","erlang-wx-25.3.2.6-15.oe2403sp1.aarch64.rpm","erlang-xmerl-25.3.2.6-15.oe2403sp1.aarch64.rpm"],"src":["erlang-25.3.2.6-15.oe2403sp1.src.rpm"],"x86_64":["erlang-25.3.2.6-15.oe2403sp1.x86_64.rpm","erlang-asn1-25.3.2.6-15.oe2403sp1.x86_64.rpm","erlang-common_test-25.3.2.6-15.oe2403sp1.x86_64.rpm","erlang-compiler-25.3.2.6-15.oe2403sp1.x86_64.rpm","erlang-crypto-25.3.2.6-15.oe2403sp1.x86_64.rpm","erlang-debugger-25.3.2.6-15.oe2403sp1.x86_64.rpm","erlang-debuginfo-25.3.2.6-15.oe2403sp1.x86_64.rpm","erlang-debugsource-25.3.2.6-15.oe2403sp1.x86_64.rpm","erlang-dialyzer-25.3.2.6-15.oe2403sp1.x86_64.rpm","erlang-diameter-25.3.2.6-15.oe2403sp1.x86_64.rpm","erlang-edoc-25.3.2.6-15.oe2403sp1.x86_64.rpm","erlang-eldap-25.3.2.6-15.oe2403sp1.x86_64.rpm","erlang-erl_docgen-25.3.2.6-15.oe2403sp1.x86_64.rpm","erlang-erl_interface-25.3.2.6-15.oe2403sp1.x86_64.rpm","erlang-erts-25.3.2.6-15.oe2403sp1.x86_64.rpm","erlang-et-25.3.2.6-15.oe2403sp1.x86_64.rpm","erlang-eunit-25.3.2.6-15.oe2403sp1.x86_64.rpm","erlang-examples-25.3.2.6-15.oe2403sp1.x86_64.rpm","erlang-ftp-25.3.2.6-15.oe2403sp1.x86_64.rpm","erlang-inets-25.3.2.6-15.oe2403sp1.x86_64.rpm","erlang-jinterface-25.3.2.6-15.oe2403sp1.x86_64.rpm","erlang-kernel-25.3.2.6-15.oe2403sp1.x86_64.rpm","erlang-megaco-25.3.2.6-15.oe2403sp1.x86_64.rpm","erlang-mnesia-25.3.2.6-15.oe2403sp1.x86_64.rpm","erlang-observer-25.3.2.6-15.oe2403sp1.x86_64.rpm","erlang-odbc-25.3.2.6-15.oe2403sp1.x86_64.rpm","erlang-os_mon-25.3.2.6-15.oe2403sp1.x86_64.rpm","erlang-parsetools-25.3.2.6-15.oe2403sp1.x86_64.rpm","erlang-public_key-25.3.2.6-15.oe2403sp1.x86_64.rpm","erlang-reltool-25.3.2.6-15.oe2403sp1.x86_64.rpm","erlang-runtime_tools-25.3.2.6-15.oe2403sp1.x86_64.rpm","erlang-sasl-25.3.2.6-15.oe2403sp1.x86_64.rpm","erlang-snmp-25.3.2.6-15.oe2403sp1.x86_64.rpm","erlang-src-25.3.2.6-15.oe2403sp1.x86_64.rpm","erlang-ssh-25.3.2.6-15.oe2403sp1.x86_64.rpm","erlang-ssl-25.3.2.6-15.oe2403sp1.x86_64.rpm","erlang-stdlib-25.3.2.6-15.oe2403sp1.x86_64.rpm","erlang-syntax_tools-25.3.2.6-15.oe2403sp1.x86_64.rpm","erlang-tftp-25.3.2.6-15.oe2403sp1.x86_64.rpm","erlang-tools-25.3.2.6-15.oe2403sp1.x86_64.rpm","erlang-wx-25.3.2.6-15.oe2403sp1.x86_64.rpm","erlang-xmerl-25.3.2.6-15.oe2403sp1.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2705"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-21620"}],"database_specific":{"severity":"Low"}}