SUSE-SU-2026:2010-1
Vulnerability from csaf_suse - Published: 2026-05-19 11:56 - Updated: 2026-05-19 11:56Summary
Security update for erlang26
Severity
Important
Notes
Title of the patch: Security update for erlang26
Description of the patch: This update for erlang26 fixes the following issues
Security issues:
- CVE-2026-21620: remote arbitrary read/write via TFTP relative path traversal (bsc#1258663).
- CVE-2026-23941: HTTP Request Smuggling in Erlang OTP (bsc#1259687).
- CVE-2026-23942: path traversal vulnerability in Erlang OTP (bsc#1259681).
- CVE-2026-23943: denial of service due to improper handling of highly compressed data in Erlang OTP ssh (bsc#1259682).
- CVE-2026-28808: incorrect authorization can lead to unauthenticated access to protected CGI scripts (bsc#1261728).
- CVE-2026-32147: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in SFTP chroot
(bsc#1262503).
Non security issue:
- Fixes for FIPS mode (jsc#PED-15166.
Patchnames: SUSE-2026-2010,SUSE-SLE-Module-Server-Applications-15-SP7-2026-2010,SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2010,SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2010
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.1 (High)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-26.2.1-150300.7.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-26.2.1-150300.7.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-epmd-26.2.1-150300.7.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-epmd-26.2.1-150300.7.25.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.8 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-26.2.1-150300.7.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-26.2.1-150300.7.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-epmd-26.2.1-150300.7.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-epmd-26.2.1-150300.7.25.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.4 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-26.2.1-150300.7.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-26.2.1-150300.7.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-epmd-26.2.1-150300.7.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-epmd-26.2.1-150300.7.25.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-26.2.1-150300.7.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-26.2.1-150300.7.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-epmd-26.2.1-150300.7.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-epmd-26.2.1-150300.7.25.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.4 (High)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-26.2.1-150300.7.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-26.2.1-150300.7.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-epmd-26.2.1-150300.7.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-epmd-26.2.1-150300.7.25.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.3 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-26.2.1-150300.7.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-26.2.1-150300.7.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-epmd-26.2.1-150300.7.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-epmd-26.2.1-150300.7.25.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
28 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for erlang26",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for erlang26 fixes the following issues\n\nSecurity issues:\n\n- CVE-2026-21620: remote arbitrary read/write via TFTP relative path traversal (bsc#1258663).\n- CVE-2026-23941: HTTP Request Smuggling in Erlang OTP (bsc#1259687).\n- CVE-2026-23942: path traversal vulnerability in Erlang OTP (bsc#1259681).\n- CVE-2026-23943: denial of service due to improper handling of highly compressed data in Erlang OTP ssh (bsc#1259682).\n- CVE-2026-28808: incorrect authorization can lead to unauthenticated access to protected CGI scripts (bsc#1261728).\n- CVE-2026-32147: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) in SFTP chroot\n (bsc#1262503).\n\nNon security issue:\n\n- Fixes for FIPS mode (jsc#PED-15166.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-2010,SUSE-SLE-Module-Server-Applications-15-SP7-2026-2010,SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2010,SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2010",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_2010-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:2010-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20262010-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:2010-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-May/046571.html"
},
{
"category": "self",
"summary": "SUSE Bug 1258663",
"url": "https://bugzilla.suse.com/1258663"
},
{
"category": "self",
"summary": "SUSE Bug 1259681",
"url": "https://bugzilla.suse.com/1259681"
},
{
"category": "self",
"summary": "SUSE Bug 1259682",
"url": "https://bugzilla.suse.com/1259682"
},
{
"category": "self",
"summary": "SUSE Bug 1259687",
"url": "https://bugzilla.suse.com/1259687"
},
{
"category": "self",
"summary": "SUSE Bug 1261728",
"url": "https://bugzilla.suse.com/1261728"
},
{
"category": "self",
"summary": "SUSE Bug 1262503",
"url": "https://bugzilla.suse.com/1262503"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21620 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21620/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23941 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23941/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23942 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23942/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23943 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23943/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-28808 page",
"url": "https://www.suse.com/security/cve/CVE-2026-28808/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-32147 page",
"url": "https://www.suse.com/security/cve/CVE-2026-32147/"
}
],
"title": "Security update for erlang26",
"tracking": {
"current_release_date": "2026-05-19T11:56:05Z",
"generator": {
"date": "2026-05-19T11:56:05Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:2010-1",
"initial_release_date": "2026-05-19T11:56:05Z",
"revision_history": [
{
"date": "2026-05-19T11:56:05Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "erlang26-26.2.1-150300.7.25.1.aarch64",
"product": {
"name": "erlang26-26.2.1-150300.7.25.1.aarch64",
"product_id": "erlang26-26.2.1-150300.7.25.1.aarch64"
}
},
{
"category": "product_version",
"name": "erlang26-debugger-26.2.1-150300.7.25.1.aarch64",
"product": {
"name": "erlang26-debugger-26.2.1-150300.7.25.1.aarch64",
"product_id": "erlang26-debugger-26.2.1-150300.7.25.1.aarch64"
}
},
{
"category": "product_version",
"name": "erlang26-debugger-src-26.2.1-150300.7.25.1.aarch64",
"product": {
"name": "erlang26-debugger-src-26.2.1-150300.7.25.1.aarch64",
"product_id": "erlang26-debugger-src-26.2.1-150300.7.25.1.aarch64"
}
},
{
"category": "product_version",
"name": "erlang26-dialyzer-26.2.1-150300.7.25.1.aarch64",
"product": {
"name": "erlang26-dialyzer-26.2.1-150300.7.25.1.aarch64",
"product_id": "erlang26-dialyzer-26.2.1-150300.7.25.1.aarch64"
}
},
{
"category": "product_version",
"name": "erlang26-dialyzer-src-26.2.1-150300.7.25.1.aarch64",
"product": {
"name": "erlang26-dialyzer-src-26.2.1-150300.7.25.1.aarch64",
"product_id": "erlang26-dialyzer-src-26.2.1-150300.7.25.1.aarch64"
}
},
{
"category": "product_version",
"name": "erlang26-diameter-26.2.1-150300.7.25.1.aarch64",
"product": {
"name": "erlang26-diameter-26.2.1-150300.7.25.1.aarch64",
"product_id": "erlang26-diameter-26.2.1-150300.7.25.1.aarch64"
}
},
{
"category": "product_version",
"name": "erlang26-diameter-src-26.2.1-150300.7.25.1.aarch64",
"product": {
"name": "erlang26-diameter-src-26.2.1-150300.7.25.1.aarch64",
"product_id": "erlang26-diameter-src-26.2.1-150300.7.25.1.aarch64"
}
},
{
"category": "product_version",
"name": "erlang26-doc-26.2.1-150300.7.25.1.aarch64",
"product": {
"name": "erlang26-doc-26.2.1-150300.7.25.1.aarch64",
"product_id": "erlang26-doc-26.2.1-150300.7.25.1.aarch64"
}
},
{
"category": "product_version",
"name": "erlang26-epmd-26.2.1-150300.7.25.1.aarch64",
"product": {
"name": "erlang26-epmd-26.2.1-150300.7.25.1.aarch64",
"product_id": "erlang26-epmd-26.2.1-150300.7.25.1.aarch64"
}
},
{
"category": "product_version",
"name": "erlang26-et-26.2.1-150300.7.25.1.aarch64",
"product": {
"name": "erlang26-et-26.2.1-150300.7.25.1.aarch64",
"product_id": "erlang26-et-26.2.1-150300.7.25.1.aarch64"
}
},
{
"category": "product_version",
"name": "erlang26-et-src-26.2.1-150300.7.25.1.aarch64",
"product": {
"name": "erlang26-et-src-26.2.1-150300.7.25.1.aarch64",
"product_id": "erlang26-et-src-26.2.1-150300.7.25.1.aarch64"
}
},
{
"category": "product_version",
"name": "erlang26-jinterface-26.2.1-150300.7.25.1.aarch64",
"product": {
"name": "erlang26-jinterface-26.2.1-150300.7.25.1.aarch64",
"product_id": "erlang26-jinterface-26.2.1-150300.7.25.1.aarch64"
}
},
{
"category": "product_version",
"name": "erlang26-jinterface-src-26.2.1-150300.7.25.1.aarch64",
"product": {
"name": "erlang26-jinterface-src-26.2.1-150300.7.25.1.aarch64",
"product_id": "erlang26-jinterface-src-26.2.1-150300.7.25.1.aarch64"
}
},
{
"category": "product_version",
"name": "erlang26-observer-26.2.1-150300.7.25.1.aarch64",
"product": {
"name": "erlang26-observer-26.2.1-150300.7.25.1.aarch64",
"product_id": "erlang26-observer-26.2.1-150300.7.25.1.aarch64"
}
},
{
"category": "product_version",
"name": "erlang26-observer-src-26.2.1-150300.7.25.1.aarch64",
"product": {
"name": "erlang26-observer-src-26.2.1-150300.7.25.1.aarch64",
"product_id": "erlang26-observer-src-26.2.1-150300.7.25.1.aarch64"
}
},
{
"category": "product_version",
"name": "erlang26-reltool-26.2.1-150300.7.25.1.aarch64",
"product": {
"name": "erlang26-reltool-26.2.1-150300.7.25.1.aarch64",
"product_id": "erlang26-reltool-26.2.1-150300.7.25.1.aarch64"
}
},
{
"category": "product_version",
"name": "erlang26-reltool-src-26.2.1-150300.7.25.1.aarch64",
"product": {
"name": "erlang26-reltool-src-26.2.1-150300.7.25.1.aarch64",
"product_id": "erlang26-reltool-src-26.2.1-150300.7.25.1.aarch64"
}
},
{
"category": "product_version",
"name": "erlang26-src-26.2.1-150300.7.25.1.aarch64",
"product": {
"name": "erlang26-src-26.2.1-150300.7.25.1.aarch64",
"product_id": "erlang26-src-26.2.1-150300.7.25.1.aarch64"
}
},
{
"category": "product_version",
"name": "erlang26-wx-26.2.1-150300.7.25.1.aarch64",
"product": {
"name": "erlang26-wx-26.2.1-150300.7.25.1.aarch64",
"product_id": "erlang26-wx-26.2.1-150300.7.25.1.aarch64"
}
},
{
"category": "product_version",
"name": "erlang26-wx-src-26.2.1-150300.7.25.1.aarch64",
"product": {
"name": "erlang26-wx-src-26.2.1-150300.7.25.1.aarch64",
"product_id": "erlang26-wx-src-26.2.1-150300.7.25.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "erlang26-26.2.1-150300.7.25.1.i586",
"product": {
"name": "erlang26-26.2.1-150300.7.25.1.i586",
"product_id": "erlang26-26.2.1-150300.7.25.1.i586"
}
},
{
"category": "product_version",
"name": "erlang26-debugger-26.2.1-150300.7.25.1.i586",
"product": {
"name": "erlang26-debugger-26.2.1-150300.7.25.1.i586",
"product_id": "erlang26-debugger-26.2.1-150300.7.25.1.i586"
}
},
{
"category": "product_version",
"name": "erlang26-debugger-src-26.2.1-150300.7.25.1.i586",
"product": {
"name": "erlang26-debugger-src-26.2.1-150300.7.25.1.i586",
"product_id": "erlang26-debugger-src-26.2.1-150300.7.25.1.i586"
}
},
{
"category": "product_version",
"name": "erlang26-dialyzer-26.2.1-150300.7.25.1.i586",
"product": {
"name": "erlang26-dialyzer-26.2.1-150300.7.25.1.i586",
"product_id": "erlang26-dialyzer-26.2.1-150300.7.25.1.i586"
}
},
{
"category": "product_version",
"name": "erlang26-dialyzer-src-26.2.1-150300.7.25.1.i586",
"product": {
"name": "erlang26-dialyzer-src-26.2.1-150300.7.25.1.i586",
"product_id": "erlang26-dialyzer-src-26.2.1-150300.7.25.1.i586"
}
},
{
"category": "product_version",
"name": "erlang26-diameter-26.2.1-150300.7.25.1.i586",
"product": {
"name": "erlang26-diameter-26.2.1-150300.7.25.1.i586",
"product_id": "erlang26-diameter-26.2.1-150300.7.25.1.i586"
}
},
{
"category": "product_version",
"name": "erlang26-diameter-src-26.2.1-150300.7.25.1.i586",
"product": {
"name": "erlang26-diameter-src-26.2.1-150300.7.25.1.i586",
"product_id": "erlang26-diameter-src-26.2.1-150300.7.25.1.i586"
}
},
{
"category": "product_version",
"name": "erlang26-doc-26.2.1-150300.7.25.1.i586",
"product": {
"name": "erlang26-doc-26.2.1-150300.7.25.1.i586",
"product_id": "erlang26-doc-26.2.1-150300.7.25.1.i586"
}
},
{
"category": "product_version",
"name": "erlang26-epmd-26.2.1-150300.7.25.1.i586",
"product": {
"name": "erlang26-epmd-26.2.1-150300.7.25.1.i586",
"product_id": "erlang26-epmd-26.2.1-150300.7.25.1.i586"
}
},
{
"category": "product_version",
"name": "erlang26-et-26.2.1-150300.7.25.1.i586",
"product": {
"name": "erlang26-et-26.2.1-150300.7.25.1.i586",
"product_id": "erlang26-et-26.2.1-150300.7.25.1.i586"
}
},
{
"category": "product_version",
"name": "erlang26-et-src-26.2.1-150300.7.25.1.i586",
"product": {
"name": "erlang26-et-src-26.2.1-150300.7.25.1.i586",
"product_id": "erlang26-et-src-26.2.1-150300.7.25.1.i586"
}
},
{
"category": "product_version",
"name": "erlang26-jinterface-26.2.1-150300.7.25.1.i586",
"product": {
"name": "erlang26-jinterface-26.2.1-150300.7.25.1.i586",
"product_id": "erlang26-jinterface-26.2.1-150300.7.25.1.i586"
}
},
{
"category": "product_version",
"name": "erlang26-jinterface-src-26.2.1-150300.7.25.1.i586",
"product": {
"name": "erlang26-jinterface-src-26.2.1-150300.7.25.1.i586",
"product_id": "erlang26-jinterface-src-26.2.1-150300.7.25.1.i586"
}
},
{
"category": "product_version",
"name": "erlang26-observer-26.2.1-150300.7.25.1.i586",
"product": {
"name": "erlang26-observer-26.2.1-150300.7.25.1.i586",
"product_id": "erlang26-observer-26.2.1-150300.7.25.1.i586"
}
},
{
"category": "product_version",
"name": "erlang26-observer-src-26.2.1-150300.7.25.1.i586",
"product": {
"name": "erlang26-observer-src-26.2.1-150300.7.25.1.i586",
"product_id": "erlang26-observer-src-26.2.1-150300.7.25.1.i586"
}
},
{
"category": "product_version",
"name": "erlang26-reltool-26.2.1-150300.7.25.1.i586",
"product": {
"name": "erlang26-reltool-26.2.1-150300.7.25.1.i586",
"product_id": "erlang26-reltool-26.2.1-150300.7.25.1.i586"
}
},
{
"category": "product_version",
"name": "erlang26-reltool-src-26.2.1-150300.7.25.1.i586",
"product": {
"name": "erlang26-reltool-src-26.2.1-150300.7.25.1.i586",
"product_id": "erlang26-reltool-src-26.2.1-150300.7.25.1.i586"
}
},
{
"category": "product_version",
"name": "erlang26-src-26.2.1-150300.7.25.1.i586",
"product": {
"name": "erlang26-src-26.2.1-150300.7.25.1.i586",
"product_id": "erlang26-src-26.2.1-150300.7.25.1.i586"
}
},
{
"category": "product_version",
"name": "erlang26-wx-26.2.1-150300.7.25.1.i586",
"product": {
"name": "erlang26-wx-26.2.1-150300.7.25.1.i586",
"product_id": "erlang26-wx-26.2.1-150300.7.25.1.i586"
}
},
{
"category": "product_version",
"name": "erlang26-wx-src-26.2.1-150300.7.25.1.i586",
"product": {
"name": "erlang26-wx-src-26.2.1-150300.7.25.1.i586",
"product_id": "erlang26-wx-src-26.2.1-150300.7.25.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "erlang26-26.2.1-150300.7.25.1.ppc64le",
"product": {
"name": "erlang26-26.2.1-150300.7.25.1.ppc64le",
"product_id": "erlang26-26.2.1-150300.7.25.1.ppc64le"
}
},
{
"category": "product_version",
"name": "erlang26-debugger-26.2.1-150300.7.25.1.ppc64le",
"product": {
"name": "erlang26-debugger-26.2.1-150300.7.25.1.ppc64le",
"product_id": "erlang26-debugger-26.2.1-150300.7.25.1.ppc64le"
}
},
{
"category": "product_version",
"name": "erlang26-debugger-src-26.2.1-150300.7.25.1.ppc64le",
"product": {
"name": "erlang26-debugger-src-26.2.1-150300.7.25.1.ppc64le",
"product_id": "erlang26-debugger-src-26.2.1-150300.7.25.1.ppc64le"
}
},
{
"category": "product_version",
"name": "erlang26-dialyzer-26.2.1-150300.7.25.1.ppc64le",
"product": {
"name": "erlang26-dialyzer-26.2.1-150300.7.25.1.ppc64le",
"product_id": "erlang26-dialyzer-26.2.1-150300.7.25.1.ppc64le"
}
},
{
"category": "product_version",
"name": "erlang26-dialyzer-src-26.2.1-150300.7.25.1.ppc64le",
"product": {
"name": "erlang26-dialyzer-src-26.2.1-150300.7.25.1.ppc64le",
"product_id": "erlang26-dialyzer-src-26.2.1-150300.7.25.1.ppc64le"
}
},
{
"category": "product_version",
"name": "erlang26-diameter-26.2.1-150300.7.25.1.ppc64le",
"product": {
"name": "erlang26-diameter-26.2.1-150300.7.25.1.ppc64le",
"product_id": "erlang26-diameter-26.2.1-150300.7.25.1.ppc64le"
}
},
{
"category": "product_version",
"name": "erlang26-diameter-src-26.2.1-150300.7.25.1.ppc64le",
"product": {
"name": "erlang26-diameter-src-26.2.1-150300.7.25.1.ppc64le",
"product_id": "erlang26-diameter-src-26.2.1-150300.7.25.1.ppc64le"
}
},
{
"category": "product_version",
"name": "erlang26-doc-26.2.1-150300.7.25.1.ppc64le",
"product": {
"name": "erlang26-doc-26.2.1-150300.7.25.1.ppc64le",
"product_id": "erlang26-doc-26.2.1-150300.7.25.1.ppc64le"
}
},
{
"category": "product_version",
"name": "erlang26-epmd-26.2.1-150300.7.25.1.ppc64le",
"product": {
"name": "erlang26-epmd-26.2.1-150300.7.25.1.ppc64le",
"product_id": "erlang26-epmd-26.2.1-150300.7.25.1.ppc64le"
}
},
{
"category": "product_version",
"name": "erlang26-et-26.2.1-150300.7.25.1.ppc64le",
"product": {
"name": "erlang26-et-26.2.1-150300.7.25.1.ppc64le",
"product_id": "erlang26-et-26.2.1-150300.7.25.1.ppc64le"
}
},
{
"category": "product_version",
"name": "erlang26-et-src-26.2.1-150300.7.25.1.ppc64le",
"product": {
"name": "erlang26-et-src-26.2.1-150300.7.25.1.ppc64le",
"product_id": "erlang26-et-src-26.2.1-150300.7.25.1.ppc64le"
}
},
{
"category": "product_version",
"name": "erlang26-jinterface-26.2.1-150300.7.25.1.ppc64le",
"product": {
"name": "erlang26-jinterface-26.2.1-150300.7.25.1.ppc64le",
"product_id": "erlang26-jinterface-26.2.1-150300.7.25.1.ppc64le"
}
},
{
"category": "product_version",
"name": "erlang26-jinterface-src-26.2.1-150300.7.25.1.ppc64le",
"product": {
"name": "erlang26-jinterface-src-26.2.1-150300.7.25.1.ppc64le",
"product_id": "erlang26-jinterface-src-26.2.1-150300.7.25.1.ppc64le"
}
},
{
"category": "product_version",
"name": "erlang26-observer-26.2.1-150300.7.25.1.ppc64le",
"product": {
"name": "erlang26-observer-26.2.1-150300.7.25.1.ppc64le",
"product_id": "erlang26-observer-26.2.1-150300.7.25.1.ppc64le"
}
},
{
"category": "product_version",
"name": "erlang26-observer-src-26.2.1-150300.7.25.1.ppc64le",
"product": {
"name": "erlang26-observer-src-26.2.1-150300.7.25.1.ppc64le",
"product_id": "erlang26-observer-src-26.2.1-150300.7.25.1.ppc64le"
}
},
{
"category": "product_version",
"name": "erlang26-reltool-26.2.1-150300.7.25.1.ppc64le",
"product": {
"name": "erlang26-reltool-26.2.1-150300.7.25.1.ppc64le",
"product_id": "erlang26-reltool-26.2.1-150300.7.25.1.ppc64le"
}
},
{
"category": "product_version",
"name": "erlang26-reltool-src-26.2.1-150300.7.25.1.ppc64le",
"product": {
"name": "erlang26-reltool-src-26.2.1-150300.7.25.1.ppc64le",
"product_id": "erlang26-reltool-src-26.2.1-150300.7.25.1.ppc64le"
}
},
{
"category": "product_version",
"name": "erlang26-src-26.2.1-150300.7.25.1.ppc64le",
"product": {
"name": "erlang26-src-26.2.1-150300.7.25.1.ppc64le",
"product_id": "erlang26-src-26.2.1-150300.7.25.1.ppc64le"
}
},
{
"category": "product_version",
"name": "erlang26-wx-26.2.1-150300.7.25.1.ppc64le",
"product": {
"name": "erlang26-wx-26.2.1-150300.7.25.1.ppc64le",
"product_id": "erlang26-wx-26.2.1-150300.7.25.1.ppc64le"
}
},
{
"category": "product_version",
"name": "erlang26-wx-src-26.2.1-150300.7.25.1.ppc64le",
"product": {
"name": "erlang26-wx-src-26.2.1-150300.7.25.1.ppc64le",
"product_id": "erlang26-wx-src-26.2.1-150300.7.25.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "erlang26-26.2.1-150300.7.25.1.s390x",
"product": {
"name": "erlang26-26.2.1-150300.7.25.1.s390x",
"product_id": "erlang26-26.2.1-150300.7.25.1.s390x"
}
},
{
"category": "product_version",
"name": "erlang26-debugger-26.2.1-150300.7.25.1.s390x",
"product": {
"name": "erlang26-debugger-26.2.1-150300.7.25.1.s390x",
"product_id": "erlang26-debugger-26.2.1-150300.7.25.1.s390x"
}
},
{
"category": "product_version",
"name": "erlang26-debugger-src-26.2.1-150300.7.25.1.s390x",
"product": {
"name": "erlang26-debugger-src-26.2.1-150300.7.25.1.s390x",
"product_id": "erlang26-debugger-src-26.2.1-150300.7.25.1.s390x"
}
},
{
"category": "product_version",
"name": "erlang26-dialyzer-26.2.1-150300.7.25.1.s390x",
"product": {
"name": "erlang26-dialyzer-26.2.1-150300.7.25.1.s390x",
"product_id": "erlang26-dialyzer-26.2.1-150300.7.25.1.s390x"
}
},
{
"category": "product_version",
"name": "erlang26-dialyzer-src-26.2.1-150300.7.25.1.s390x",
"product": {
"name": "erlang26-dialyzer-src-26.2.1-150300.7.25.1.s390x",
"product_id": "erlang26-dialyzer-src-26.2.1-150300.7.25.1.s390x"
}
},
{
"category": "product_version",
"name": "erlang26-diameter-26.2.1-150300.7.25.1.s390x",
"product": {
"name": "erlang26-diameter-26.2.1-150300.7.25.1.s390x",
"product_id": "erlang26-diameter-26.2.1-150300.7.25.1.s390x"
}
},
{
"category": "product_version",
"name": "erlang26-diameter-src-26.2.1-150300.7.25.1.s390x",
"product": {
"name": "erlang26-diameter-src-26.2.1-150300.7.25.1.s390x",
"product_id": "erlang26-diameter-src-26.2.1-150300.7.25.1.s390x"
}
},
{
"category": "product_version",
"name": "erlang26-doc-26.2.1-150300.7.25.1.s390x",
"product": {
"name": "erlang26-doc-26.2.1-150300.7.25.1.s390x",
"product_id": "erlang26-doc-26.2.1-150300.7.25.1.s390x"
}
},
{
"category": "product_version",
"name": "erlang26-epmd-26.2.1-150300.7.25.1.s390x",
"product": {
"name": "erlang26-epmd-26.2.1-150300.7.25.1.s390x",
"product_id": "erlang26-epmd-26.2.1-150300.7.25.1.s390x"
}
},
{
"category": "product_version",
"name": "erlang26-et-26.2.1-150300.7.25.1.s390x",
"product": {
"name": "erlang26-et-26.2.1-150300.7.25.1.s390x",
"product_id": "erlang26-et-26.2.1-150300.7.25.1.s390x"
}
},
{
"category": "product_version",
"name": "erlang26-et-src-26.2.1-150300.7.25.1.s390x",
"product": {
"name": "erlang26-et-src-26.2.1-150300.7.25.1.s390x",
"product_id": "erlang26-et-src-26.2.1-150300.7.25.1.s390x"
}
},
{
"category": "product_version",
"name": "erlang26-jinterface-26.2.1-150300.7.25.1.s390x",
"product": {
"name": "erlang26-jinterface-26.2.1-150300.7.25.1.s390x",
"product_id": "erlang26-jinterface-26.2.1-150300.7.25.1.s390x"
}
},
{
"category": "product_version",
"name": "erlang26-jinterface-src-26.2.1-150300.7.25.1.s390x",
"product": {
"name": "erlang26-jinterface-src-26.2.1-150300.7.25.1.s390x",
"product_id": "erlang26-jinterface-src-26.2.1-150300.7.25.1.s390x"
}
},
{
"category": "product_version",
"name": "erlang26-observer-26.2.1-150300.7.25.1.s390x",
"product": {
"name": "erlang26-observer-26.2.1-150300.7.25.1.s390x",
"product_id": "erlang26-observer-26.2.1-150300.7.25.1.s390x"
}
},
{
"category": "product_version",
"name": "erlang26-observer-src-26.2.1-150300.7.25.1.s390x",
"product": {
"name": "erlang26-observer-src-26.2.1-150300.7.25.1.s390x",
"product_id": "erlang26-observer-src-26.2.1-150300.7.25.1.s390x"
}
},
{
"category": "product_version",
"name": "erlang26-reltool-26.2.1-150300.7.25.1.s390x",
"product": {
"name": "erlang26-reltool-26.2.1-150300.7.25.1.s390x",
"product_id": "erlang26-reltool-26.2.1-150300.7.25.1.s390x"
}
},
{
"category": "product_version",
"name": "erlang26-reltool-src-26.2.1-150300.7.25.1.s390x",
"product": {
"name": "erlang26-reltool-src-26.2.1-150300.7.25.1.s390x",
"product_id": "erlang26-reltool-src-26.2.1-150300.7.25.1.s390x"
}
},
{
"category": "product_version",
"name": "erlang26-src-26.2.1-150300.7.25.1.s390x",
"product": {
"name": "erlang26-src-26.2.1-150300.7.25.1.s390x",
"product_id": "erlang26-src-26.2.1-150300.7.25.1.s390x"
}
},
{
"category": "product_version",
"name": "erlang26-wx-26.2.1-150300.7.25.1.s390x",
"product": {
"name": "erlang26-wx-26.2.1-150300.7.25.1.s390x",
"product_id": "erlang26-wx-26.2.1-150300.7.25.1.s390x"
}
},
{
"category": "product_version",
"name": "erlang26-wx-src-26.2.1-150300.7.25.1.s390x",
"product": {
"name": "erlang26-wx-src-26.2.1-150300.7.25.1.s390x",
"product_id": "erlang26-wx-src-26.2.1-150300.7.25.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "erlang26-26.2.1-150300.7.25.1.x86_64",
"product": {
"name": "erlang26-26.2.1-150300.7.25.1.x86_64",
"product_id": "erlang26-26.2.1-150300.7.25.1.x86_64"
}
},
{
"category": "product_version",
"name": "erlang26-debugger-26.2.1-150300.7.25.1.x86_64",
"product": {
"name": "erlang26-debugger-26.2.1-150300.7.25.1.x86_64",
"product_id": "erlang26-debugger-26.2.1-150300.7.25.1.x86_64"
}
},
{
"category": "product_version",
"name": "erlang26-debugger-src-26.2.1-150300.7.25.1.x86_64",
"product": {
"name": "erlang26-debugger-src-26.2.1-150300.7.25.1.x86_64",
"product_id": "erlang26-debugger-src-26.2.1-150300.7.25.1.x86_64"
}
},
{
"category": "product_version",
"name": "erlang26-dialyzer-26.2.1-150300.7.25.1.x86_64",
"product": {
"name": "erlang26-dialyzer-26.2.1-150300.7.25.1.x86_64",
"product_id": "erlang26-dialyzer-26.2.1-150300.7.25.1.x86_64"
}
},
{
"category": "product_version",
"name": "erlang26-dialyzer-src-26.2.1-150300.7.25.1.x86_64",
"product": {
"name": "erlang26-dialyzer-src-26.2.1-150300.7.25.1.x86_64",
"product_id": "erlang26-dialyzer-src-26.2.1-150300.7.25.1.x86_64"
}
},
{
"category": "product_version",
"name": "erlang26-diameter-26.2.1-150300.7.25.1.x86_64",
"product": {
"name": "erlang26-diameter-26.2.1-150300.7.25.1.x86_64",
"product_id": "erlang26-diameter-26.2.1-150300.7.25.1.x86_64"
}
},
{
"category": "product_version",
"name": "erlang26-diameter-src-26.2.1-150300.7.25.1.x86_64",
"product": {
"name": "erlang26-diameter-src-26.2.1-150300.7.25.1.x86_64",
"product_id": "erlang26-diameter-src-26.2.1-150300.7.25.1.x86_64"
}
},
{
"category": "product_version",
"name": "erlang26-doc-26.2.1-150300.7.25.1.x86_64",
"product": {
"name": "erlang26-doc-26.2.1-150300.7.25.1.x86_64",
"product_id": "erlang26-doc-26.2.1-150300.7.25.1.x86_64"
}
},
{
"category": "product_version",
"name": "erlang26-epmd-26.2.1-150300.7.25.1.x86_64",
"product": {
"name": "erlang26-epmd-26.2.1-150300.7.25.1.x86_64",
"product_id": "erlang26-epmd-26.2.1-150300.7.25.1.x86_64"
}
},
{
"category": "product_version",
"name": "erlang26-et-26.2.1-150300.7.25.1.x86_64",
"product": {
"name": "erlang26-et-26.2.1-150300.7.25.1.x86_64",
"product_id": "erlang26-et-26.2.1-150300.7.25.1.x86_64"
}
},
{
"category": "product_version",
"name": "erlang26-et-src-26.2.1-150300.7.25.1.x86_64",
"product": {
"name": "erlang26-et-src-26.2.1-150300.7.25.1.x86_64",
"product_id": "erlang26-et-src-26.2.1-150300.7.25.1.x86_64"
}
},
{
"category": "product_version",
"name": "erlang26-jinterface-26.2.1-150300.7.25.1.x86_64",
"product": {
"name": "erlang26-jinterface-26.2.1-150300.7.25.1.x86_64",
"product_id": "erlang26-jinterface-26.2.1-150300.7.25.1.x86_64"
}
},
{
"category": "product_version",
"name": "erlang26-jinterface-src-26.2.1-150300.7.25.1.x86_64",
"product": {
"name": "erlang26-jinterface-src-26.2.1-150300.7.25.1.x86_64",
"product_id": "erlang26-jinterface-src-26.2.1-150300.7.25.1.x86_64"
}
},
{
"category": "product_version",
"name": "erlang26-observer-26.2.1-150300.7.25.1.x86_64",
"product": {
"name": "erlang26-observer-26.2.1-150300.7.25.1.x86_64",
"product_id": "erlang26-observer-26.2.1-150300.7.25.1.x86_64"
}
},
{
"category": "product_version",
"name": "erlang26-observer-src-26.2.1-150300.7.25.1.x86_64",
"product": {
"name": "erlang26-observer-src-26.2.1-150300.7.25.1.x86_64",
"product_id": "erlang26-observer-src-26.2.1-150300.7.25.1.x86_64"
}
},
{
"category": "product_version",
"name": "erlang26-reltool-26.2.1-150300.7.25.1.x86_64",
"product": {
"name": "erlang26-reltool-26.2.1-150300.7.25.1.x86_64",
"product_id": "erlang26-reltool-26.2.1-150300.7.25.1.x86_64"
}
},
{
"category": "product_version",
"name": "erlang26-reltool-src-26.2.1-150300.7.25.1.x86_64",
"product": {
"name": "erlang26-reltool-src-26.2.1-150300.7.25.1.x86_64",
"product_id": "erlang26-reltool-src-26.2.1-150300.7.25.1.x86_64"
}
},
{
"category": "product_version",
"name": "erlang26-src-26.2.1-150300.7.25.1.x86_64",
"product": {
"name": "erlang26-src-26.2.1-150300.7.25.1.x86_64",
"product_id": "erlang26-src-26.2.1-150300.7.25.1.x86_64"
}
},
{
"category": "product_version",
"name": "erlang26-wx-26.2.1-150300.7.25.1.x86_64",
"product": {
"name": "erlang26-wx-26.2.1-150300.7.25.1.x86_64",
"product_id": "erlang26-wx-26.2.1-150300.7.25.1.x86_64"
}
},
{
"category": "product_version",
"name": "erlang26-wx-src-26.2.1-150300.7.25.1.x86_64",
"product": {
"name": "erlang26-wx-src-26.2.1-150300.7.25.1.x86_64",
"product_id": "erlang26-wx-src-26.2.1-150300.7.25.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Server Applications 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Server Applications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-server-applications:15:sp7"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "erlang26-26.2.1-150300.7.25.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.aarch64"
},
"product_reference": "erlang26-26.2.1-150300.7.25.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "erlang26-26.2.1-150300.7.25.1.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.ppc64le"
},
"product_reference": "erlang26-26.2.1-150300.7.25.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "erlang26-26.2.1-150300.7.25.1.s390x as component of SUSE Linux Enterprise Module for Server Applications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.s390x"
},
"product_reference": "erlang26-26.2.1-150300.7.25.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "erlang26-26.2.1-150300.7.25.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.x86_64"
},
"product_reference": "erlang26-26.2.1-150300.7.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "erlang26-epmd-26.2.1-150300.7.25.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.aarch64"
},
"product_reference": "erlang26-epmd-26.2.1-150300.7.25.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "erlang26-epmd-26.2.1-150300.7.25.1.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.ppc64le"
},
"product_reference": "erlang26-epmd-26.2.1-150300.7.25.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "erlang26-epmd-26.2.1-150300.7.25.1.s390x as component of SUSE Linux Enterprise Module for Server Applications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.s390x"
},
"product_reference": "erlang26-epmd-26.2.1-150300.7.25.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "erlang26-epmd-26.2.1-150300.7.25.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.x86_64"
},
"product_reference": "erlang26-epmd-26.2.1-150300.7.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "erlang26-26.2.1-150300.7.25.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.aarch64"
},
"product_reference": "erlang26-26.2.1-150300.7.25.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "erlang26-26.2.1-150300.7.25.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.ppc64le"
},
"product_reference": "erlang26-26.2.1-150300.7.25.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "erlang26-26.2.1-150300.7.25.1.s390x as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.s390x"
},
"product_reference": "erlang26-26.2.1-150300.7.25.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "erlang26-26.2.1-150300.7.25.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.x86_64"
},
"product_reference": "erlang26-26.2.1-150300.7.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "erlang26-epmd-26.2.1-150300.7.25.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.aarch64"
},
"product_reference": "erlang26-epmd-26.2.1-150300.7.25.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "erlang26-epmd-26.2.1-150300.7.25.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.ppc64le"
},
"product_reference": "erlang26-epmd-26.2.1-150300.7.25.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "erlang26-epmd-26.2.1-150300.7.25.1.s390x as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.s390x"
},
"product_reference": "erlang26-epmd-26.2.1-150300.7.25.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "erlang26-epmd-26.2.1-150300.7.25.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.x86_64"
},
"product_reference": "erlang26-epmd-26.2.1-150300.7.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "erlang26-26.2.1-150300.7.25.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-26.2.1-150300.7.25.1.ppc64le"
},
"product_reference": "erlang26-26.2.1-150300.7.25.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "erlang26-26.2.1-150300.7.25.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-26.2.1-150300.7.25.1.x86_64"
},
"product_reference": "erlang26-26.2.1-150300.7.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "erlang26-epmd-26.2.1-150300.7.25.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-epmd-26.2.1-150300.7.25.1.ppc64le"
},
"product_reference": "erlang26-epmd-26.2.1-150300.7.25.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "erlang26-epmd-26.2.1-150300.7.25.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-epmd-26.2.1-150300.7.25.1.x86_64"
},
"product_reference": "erlang26-epmd-26.2.1-150300.7.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-21620",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21620"
}
],
"notes": [
{
"category": "general",
"text": "Relative Path Traversal, Improper Isolation or Compartmentalization vulnerability in erlang otp erlang/otp (tftp_file modules), erlang otp inets (tftp_file modules), erlang otp tftp (tftp_file modules) allows Relative Path Traversal. This vulnerability is associated with program files lib/tftp/src/tftp_file.erl, src/tftp_file.erl.\n\nThis issue affects otp: from 17.0, from 07b8f441ca711f9812fad9e9115bab3c3aa92f79; otp: from 5.10 before 7.0; otp: from 1.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-epmd-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-epmd-26.2.1-150300.7.25.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21620",
"url": "https://www.suse.com/security/cve/CVE-2026-21620"
},
{
"category": "external",
"summary": "SUSE Bug 1258663 for CVE-2026-21620",
"url": "https://bugzilla.suse.com/1258663"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-epmd-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-epmd-26.2.1-150300.7.25.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-epmd-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-epmd-26.2.1-150300.7.25.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-19T11:56:05Z",
"details": "important"
}
],
"title": "CVE-2026-21620"
},
{
"cve": "CVE-2026-23941",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23941"
}
],
"notes": [
{
"category": "general",
"text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027) vulnerability in Erlang OTP (inets httpd module) allows HTTP Request Smuggling.\n\nThis vulnerability is associated with program files lib/inets/src/http_server/httpd_request.erl and program routines httpd_request:parse_headers/7.\n\nThe server does not reject or normalize duplicate Content-Length headers. The earliest Content-Length in the request is used for body parsing while common reverse proxies (nginx, Apache httpd, Envoy) honor the last Content-Length value. This violates RFC 9112 Section 6.3 and allows front-end/back-end desynchronization, leaving attacker-controlled bytes queued as the start of the next request.\n\nThis issue affects OTP from OTP 17.0 until OTP 28.4.1, OTP 27.3.4.9 and OTP 26.2.5.18, corresponding to inets from 5.10 until 9.6.1, 9.3.2.3 and 9.1.0.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-epmd-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-epmd-26.2.1-150300.7.25.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23941",
"url": "https://www.suse.com/security/cve/CVE-2026-23941"
},
{
"category": "external",
"summary": "SUSE Bug 1259687 for CVE-2026-23941",
"url": "https://bugzilla.suse.com/1259687"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-epmd-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-epmd-26.2.1-150300.7.25.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-epmd-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-epmd-26.2.1-150300.7.25.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-19T11:56:05Z",
"details": "moderate"
}
],
"title": "CVE-2026-23941"
},
{
"cve": "CVE-2026-23942",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23942"
}
],
"notes": [
{
"category": "general",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability in Erlang OTP (ssh_sftpd module) allows Path Traversal.\n\nThis vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl and program routines ssh_sftpd:is_within_root/2.\n\nThe SFTP server uses string prefix matching via lists:prefix/2 rather than proper path component validation when checking if a path is within the configured root directory. This allows authenticated users to access sibling directories that share a common name prefix with the configured root directory. For example, if root is set to /home/user1, paths like /home/user10 or /home/user1_backup would incorrectly be considered within the root.\n\nThis issue affects OTP from OTP 17.0 until OTP 28.4.1, OTP 27.3.4.9 and OTP 26.2.5.18, corresponding to ssh from 3.0.1 until 5.5.1, 5.2.11.6 and 5.1.4.14.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-epmd-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-epmd-26.2.1-150300.7.25.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23942",
"url": "https://www.suse.com/security/cve/CVE-2026-23942"
},
{
"category": "external",
"summary": "SUSE Bug 1259681 for CVE-2026-23942",
"url": "https://bugzilla.suse.com/1259681"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-epmd-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-epmd-26.2.1-150300.7.25.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-epmd-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-epmd-26.2.1-150300.7.25.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-19T11:56:05Z",
"details": "moderate"
}
],
"title": "CVE-2026-23942"
},
{
"cve": "CVE-2026-23943",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23943"
}
],
"notes": [
{
"category": "general",
"text": "Improper Handling of Highly Compressed Data (Compression Bomb) vulnerability in Erlang OTP ssh (ssh_transport modules) allows Denial of Service via Resource Depletion.\n\nThe SSH transport layer advertises legacy zlib compression by default and inflates attacker-controlled payloads pre-authentication without any size limit, enabling reliable memory exhaustion DoS.\n\nTwo compression algorithms are affected:\n\n* zlib: Activates immediately after key exchange, enabling unauthenticated attacks\n* zlib@openssh.com: Activates post-authentication, enabling authenticated attacks\n\nEach SSH packet can decompress ~255 MB from 256 KB of wire data (1029:1 amplification ratio). Multiple packets can rapidly exhaust available memory, causing OOM kills in memory-constrained environments.\n\nThis vulnerability is associated with program files lib/ssh/src/ssh_transport.erl and program routines ssh_transport:decompress/2, ssh_transport:handle_packet_part/4.\n\nThis issue affects OTP from OTP 17.0 until OTP 28.4.1, 27.3.4.9 and 26.2.5.18 corresponding to ssh from 3.0.1 until 5.5.1, 5.2.11.6 and 5.1.4.14.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-epmd-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-epmd-26.2.1-150300.7.25.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23943",
"url": "https://www.suse.com/security/cve/CVE-2026-23943"
},
{
"category": "external",
"summary": "SUSE Bug 1259682 for CVE-2026-23943",
"url": "https://bugzilla.suse.com/1259682"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-epmd-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-epmd-26.2.1-150300.7.25.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-epmd-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-epmd-26.2.1-150300.7.25.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-19T11:56:05Z",
"details": "moderate"
}
],
"title": "CVE-2026-23943"
},
{
"cve": "CVE-2026-28808",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-28808"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect Authorization vulnerability in Erlang OTP (inets modules) allows unauthenticated access to CGI scripts protected by directory rules when served via script_alias.\n\nWhen script_alias maps a URL prefix to a directory outside DocumentRoot, mod_auth evaluates directory-based access controls against the DocumentRoot-relative path while mod_cgi executes the script at the ScriptAlias-resolved path. This path mismatch allows unauthenticated access to CGI scripts that directory rules were meant to protect.\n\nThis vulnerability is associated with program files lib/inets/src/http_server/mod_alias.erl, lib/inets/src/http_server/mod_auth.erl, and lib/inets/src/http_server/mod_cgi.erl.\n\nThis issue affects OTP from OTP 17.0 until OTP 28.4.2, 27.3.4.10 and 26.2.5.19 corresponding to inets from 5.10 until 9.6.2, 9.3.2.4 and 9.1.0.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-epmd-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-epmd-26.2.1-150300.7.25.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-28808",
"url": "https://www.suse.com/security/cve/CVE-2026-28808"
},
{
"category": "external",
"summary": "SUSE Bug 1261728 for CVE-2026-28808",
"url": "https://bugzilla.suse.com/1261728"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-epmd-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-epmd-26.2.1-150300.7.25.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-epmd-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-epmd-26.2.1-150300.7.25.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-19T11:56:05Z",
"details": "important"
}
],
"title": "CVE-2026-28808"
},
{
"cve": "CVE-2026-32147",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-32147"
}
],
"notes": [
{
"category": "general",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability in Erlang OTP ssh (ssh_sftpd module) allows an authenticated SFTP user to modify file attributes outside the configured chroot directory.\n\nThe SFTP daemon (ssh_sftpd) stores the raw, user-supplied path in file handles instead of the chroot-resolved path. When SSH_FXP_FSETSTAT is issued on such a handle, file attributes (permissions, ownership, timestamps) are modified on the real filesystem path, bypassing the root directory boundary entirely.\n\nAny authenticated SFTP user on a server configured with the root option can modify file attributes of files outside the intended chroot boundary. The prerequisite is that a target file must exist on the real filesystem at the same relative path. Note that this vulnerability only allows modification of file attributes; file contents cannot be read or altered through this attack vector.\n\nIf the SSH daemon runs as root, this enables direct privilege escalation: an attacker can set the setuid bit on any binary, change ownership of sensitive files, or make system configuration world-writable.\n\nThis vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl and program routines ssh_sftpd:do_open/4 and ssh_sftpd:handle_op/4.\n\nThis issue affects OTP from OTP 17.0 until OTP 28.4.3, 27.3.4.11, and 26.2.5.20 corresponding to ssh from 3.01 until 5.5.3, 5.2.11.7, and 5.1.4.15.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-epmd-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-epmd-26.2.1-150300.7.25.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-32147",
"url": "https://www.suse.com/security/cve/CVE-2026-32147"
},
{
"category": "external",
"summary": "SUSE Bug 1262503 for CVE-2026-32147",
"url": "https://bugzilla.suse.com/1262503"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-epmd-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-epmd-26.2.1-150300.7.25.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang26-epmd-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:erlang26-epmd-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-26.2.1-150300.7.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-epmd-26.2.1-150300.7.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:erlang26-epmd-26.2.1-150300.7.25.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-19T11:56:05Z",
"details": "moderate"
}
],
"title": "CVE-2026-32147"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…