Nixpkgs security tracker

Untriaged

Permalink CVE-2026-42790

7.6 HIGH

CVSS version (CVSS): 4.0
Attack Vector (AV): Network (N)
Attack Complexity (AC): High (H)
Attack Requirement (AT): Present (P)
Privileges Required (PR): None (N)
User Interaction (UI): Passive (P)
Vulnerable System Impact Confidentiality (VC): High (H)
Vulnerable System Impact Integrity (VI): High (H)
Vulnerable System Impact Availability (VA): None (N)
Subsequent System Impact Confidentiality (SC): None (N)
Subsequent System Impact Integrity (SI): None (N)
Subsequent System Impact Availability (SA): None (N)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): High (H)
Modified Attack Requirement (MAT): Present (P)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): Passive (P)
Modified Vulnerable System Impact Confidentiality (MVC): High (H)
Modified Vulnerable System Impact Integrity (MVI): High (H)
Modified Vulnerable System Impact Availability (MVA): None (N)
Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
Modified Subsequent System Impact Integrity (MSI): Negligible (N)
Modified Subsequent System Impact Availability (MSA): Negligible (N)
Safety (S): Not Defined (X)
Automatable (AU): Not Defined (X)
Recovery (R): Not Defined (X)
Value Density (V): Not Defined (X)
Vulnerability Response Effort (RE): Not Defined (X)
Provider Urgency (U): Not Defined (X)
Confidentiality Req. (CR): Not Defined (X)
Integrity Req. (IR): Not Defined (X)
Availability Req. (AR): Not Defined (X)
Exploit Maturity (E): Not Defined (X)

created 4 weeks ago Activity log

Created suggestion 4 weeks ago

nameConstraints DNS bypass via subject CommonName fallback in public_key hostname verification

Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_cert and public_key modules) allows a DNS nameConstraints bypass via subject CommonName fallback in TLS hostname verification. Two flaws combine to allow a subordinate CA whose DNS nameConstraints are restricted (e.g. permitted;DNS:allowed.example.com) to issue a leaf certificate that an OTP TLS client accepts as a valid identity for an out-of-scope hostname (e.g. victim.example.com): First, pubkey_cert:validate_names/6 in lib/public_key/src/pubkey_cert.erl only checks SAN DNS entries against nameConstraints. Per RFC 5280, a permitted DNS subtree only restricts certificates that contain a DNS-typed name. A leaf with no subjectAltName therefore trivially satisfies any permitted;DNS:... constraint regardless of its subject commonName. Second, public_key:pkix_verify_hostname/3 in lib/public_key/src/public_key.erl falls back to the subject commonName when no subjectAltName is present, extracting id-at-commonName attributes as presented IDs and matching them against the reference hostname. The strict pkix_verify_hostname_match_fun(https) matcher does not suppress this fallback. The result is that path validation accepts a CN-only leaf under a DNS-constrained intermediate (no SAN means the nameConstraints are not triggered), and hostname verification then accepts it via the CN fallback. The bypass is reachable from stock ssl:connect with verify_peer, a trusted CA, SNI, and the canonical strict https hostname matcher. This issue affects OTP from OTP 19.3 before OTP 26.2.5.21, 27.3.4.12, 28.5.0.1, and 29.0.1 corresponding to public_key from 1.4 before 1.15.1.7, 1.17.1.3, 1.20.3.1, and 1.21.1.

References

https://github.com/erlang/otp/security/advisories/GHSA-22cw-4ph4-6447 relatedvendor-advisory
https://cna.erlef.org/cves/CVE-2026-42790.html related
https://osv.dev/vulnerability/EEF-CVE-2026-42790 related
https://www.erlang.org/doc/system/versions.html#order-of-versions x_version-scheme
https://github.com/erlang/otp/commit/0769050c69d73762672b0db1347b6993a5b31759 patch
https://github.com/erlang/otp/commit/fb67c6d1836f51105a96d8b769e71e4215a79457 patch
https://github.com/erlang/otp/commit/21abed64eb2026b5f82f432709e4e932f9be389a patch

Affected products

erlang/otp

public_key

Matching in nixpkgs

pkgs.cotp

Trustworthy, encrypted, command-line TOTP/HOTP authenticator app with import functionality

nixos-unstable 1.9.10
- nixpkgs-unstable 1.9.10
- nixos-unstable-small 1.9.10

pkgs.otpw

One-time password login package

nixos-unstable 1.5
- nixpkgs-unstable 1.5
- nixos-unstable-small 1.5

pkgs.libcotp

C library that generates TOTP and HOTP

nixos-unstable 3.1.1
- nixpkgs-unstable 3.1.1
- nixos-unstable-small 3.1.1

pkgs.mintotp

Minimal TOTP generator

nixos-unstable 0.3.0
- nixpkgs-unstable 0.3.0
- nixos-unstable-small 0.3.0

pkgs.otpauth

Google Authenticator migration decoder

nixos-unstable 0.6.0
- nixpkgs-unstable 0.6.0
- nixos-unstable-small 0.6.0

pkgs.hotpatch

Hot patching executables on Linux using .so file injection

nixos-unstable 0.2
- nixpkgs-unstable 0.2
- nixos-unstable-small 0.2

pkgs.totp-cli

Authy/Google Authenticator like TOTP CLI tool written in Go

nixos-unstable 1.9.2
- nixpkgs-unstable 1.9.2
- nixos-unstable-small 1.9.2

pkgs.otpclient

Highly secure and easy to use OTP client written in C/GTK that supports both TOTP and HOTP

nixos-unstable 4.2.0
- nixpkgs-unstable 4.2.0
- nixos-unstable-small 4.2.0

pkgs.tpm2-totp

Attest the trustworthiness of a device against a human using time-based one-time passwords

nixos-unstable 0.3.0
- nixpkgs-unstable 0.3.0
- nixos-unstable-small 0.3.0

pkgs.godotpcktool

Standalone tool for extracting and creating Godot .pck files

nixos-unstable 2.2
- nixpkgs-unstable 2.2
- nixos-unstable-small 2.2

pkgs.nitrotpm-tools

Collection of utilities for working with NitroTPM attestation

nixos-unstable 1.1.1
- nixpkgs-unstable 1.1.1
- nixos-unstable-small 1.1.1

pkgs.keepass-otpkeyprov

None

nixos-unstable 2.6
- nixpkgs-unstable 2.6
- nixos-unstable-small 2.6

pkgs.keepass-keetraytotp

None

nixos-unstable 0.108.0
- nixpkgs-unstable 0.108.0
- nixos-unstable-small 0.108.0

pkgs.gnomeExtensions.totp

Generate One-Time Passwords (aka OTP, both TOTP and HOTP) for websites that use Two-Factor Authentication (2FA) like Google, Facebook, Discord, Amazon, Steam, etc.