CVE-2026-32144 Vulnerability Analysis & Exploit Details

CVE-2026-32144 Vulnerability Summary

CVE-2026-32144: Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_ocsp module) allows OCSP designated-responder authorization bypass via missing signature verification. The OCSP response validation in public_key:pkix_ocsp_validate/5 does not verify that a CA-designated responder certificate was cryptographically signed by the issuing CA. Instead, it only checks that the responder certificate's issuer name matches the CA's subject name and that the certificate has the OCSPSigning extended key usage. An attacker who can intercept or control OCSP responses can create a self-signed certificate with a matching issuer name and the OCSPSigning EKU, and use it to forge OCSP responses that mark revoked certificates as valid. This affects SSL/TLS clients using OCSP stapling, which may accept connections to servers with revoked certificates, potentially transmitting sensitive data to compromised servers. Applications using the public_key:pkix_ocsp_validate/5 API directly are also affected, with impact depending on usage context. This vulnerability is associated with program files lib/public_key/src/pubkey_ocsp.erl and program routines pubkey_ocsp:is_authorized_responder/3. This issue affects OTP from OTP 27.0 until OTP 28.4.2 and 27.3.4.10 corresponding to public_key from 1.16 until 1.20.3 and 1.17.1.2, and ssl from 11.2 until 11.5.4 and 11.2.12.7.

CVE-2026-32144 References

External References

• https://cna.erlef.org/cves/CVE-2026-32144.html
• https://github.com/erlang/otp/commit/49033a6d93a5be0ee0dce04e1fb8b4ae7de1e0c0
• https://github.com/erlang/otp/commit/ac7ff528be857c5d35eb29c7f24106e3a16d4891
• https://github.com/erlang/otp/security/advisories/GHSA-gxrm-pf64-99xm
• https://osv.dev/vulnerability/EEF-CVE-2026-32144
• https://www.erlang.org/doc/system/versions.html#order-of-versions

CWE Common Weakness Enumeration

CAPEC Common Attack Pattern Enumeration and Classification

• Creating a Rogue Certification Authority Certificate CAPEC-459 An adversary exploits a weakness resulting from using a hashing algorithm with weak collision resistance to generate certificate signing requests (CSR) that contain collision blocks in their "to be signed" parts. The adversary submits one CSR to be signed by a trusted certificate authority then uses the signed blob to make a second certificate appear signed by said certificate authority. Due to the hash collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the adversary's second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority.
• Signature Spoofing by Improper Validation CAPEC-475 An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.

Vulnerable Configurations

• cpe:2.3:a:erlang:erlang\/otp:27.0:-:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/otp:27.0:-:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/otp:27.0.1:*:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/otp:27.0.1:*:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/otp:27.0:rc1:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/otp:27.0:rc1:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/otp:27.0:rc2:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/otp:27.0:rc2:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/otp:27.0:rc3:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/otp:27.0:rc3:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/otp:27.1:*:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/otp:27.1:*:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/otp:27.1.1:*:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/otp:27.1.1:*:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/otp:27.1.2:*:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/otp:27.1.2:*:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/otp:27.1.3:*:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/otp:27.1.3:*:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/otp:27.2:*:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/otp:27.2:*:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/otp:27.2.1:*:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/otp:27.2.1:*:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/otp:27.2.2:*:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/otp:27.2.2:*:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/otp:27.2.3:*:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/otp:27.2.3:*:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/otp:27.2.4:*:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/otp:27.2.4:*:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/otp:27.3:*:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/otp:27.3:*:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/otp:27.3.1:*:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/otp:27.3.1:*:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/otp:27.3.2:*:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/otp:27.3.2:*:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/otp:27.3.3:*:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/otp:27.3.3:*:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/otp:27.3.4:*:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/otp:27.3.4:*:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/otp:27.3.4.1:*:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/otp:27.3.4.1:*:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/otp:27.3.4.2:*:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/otp:27.3.4.2:*:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/otp:27.3.4.3:*:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/otp:27.3.4.3:*:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/otp:27.3.4.4:*:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/otp:27.3.4.4:*:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/otp:27.3.4.5:*:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/otp:27.3.4.5:*:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/otp:27.3.4.6:*:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/otp:27.3.4.6:*:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/otp:27.3.4.7:*:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/otp:27.3.4.7:*:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/otp:27.3.4.8:*:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/otp:27.3.4.8:*:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/otp:27.3.4.9:*:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/otp:27.3.4.9:*:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/otp:28.0:-:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/otp:28.0:-:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/otp:28.0.1:*:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/otp:28.0.1:*:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/otp:28.0.2:*:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/otp:28.0.2:*:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/otp:28.0.3:*:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/otp:28.0.3:*:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/otp:28.0.4:*:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/otp:28.0.4:*:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/otp:28.0:rc1:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/otp:28.0:rc1:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/otp:28.0:rc2:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/otp:28.0:rc2:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/otp:28.0:rc3:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/otp:28.0:rc3:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/otp:28.0:rc4:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/otp:28.0:rc4:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/otp:28.1:*:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/otp:28.1:*:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/otp:28.1.1:*:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/otp:28.1.1:*:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/otp:28.2:*:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/otp:28.2:*:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/otp:28.3:*:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/otp:28.3:*:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/otp:28.3.1:*:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/otp:28.3.1:*:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/otp:28.3.2:*:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/otp:28.3.2:*:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/otp:28.3.3:*:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/otp:28.3.3:*:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/otp:28.4:*:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/otp:28.4:*:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/otp:28.4.1:*:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/otp:28.4.1:*:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/public_key:1.16:*:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/public_key:1.16:*:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/public_key:1.16.1:*:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/public_key:1.16.1:*:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/public_key:1.16.2:*:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/public_key:1.16.2:*:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/public_key:1.16.3:*:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/public_key:1.16.3:*:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/public_key:1.16.4:*:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/public_key:1.16.4:*:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/public_key:1.17:*:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/public_key:1.17:*:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/public_key:1.17.1:*:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/public_key:1.17.1:*:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/public_key:1.17.1.1:*:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/public_key:1.17.1.1:*:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/public_key:1.18:*:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/public_key:1.18:*:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/public_key:1.18.1:*:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/public_key:1.18.1:*:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/public_key:1.18.2:*:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/public_key:1.18.2:*:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/public_key:1.18.3:*:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/public_key:1.18.3:*:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/public_key:1.19:*:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/public_key:1.19:*:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/public_key:1.20:*:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/public_key:1.20:*:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/public_key:1.20.1:*:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/public_key:1.20.1:*:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/public_key:1.20.2:*:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/public_key:1.20.2:*:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/ssl:11.2:*:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/ssl:11.2:*:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/ssl:11.2.1:*:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/ssl:11.2.1:*:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/ssl:11.2.2:*:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/ssl:11.2.2:*:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/ssl:11.2.3:*:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/ssl:11.2.3:*:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/ssl:11.2.4:*:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/ssl:11.2.4:*:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/ssl:11.2.5:*:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/ssl:11.2.5:*:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/ssl:11.2.6:*:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/ssl:11.2.6:*:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/ssl:11.2.7:*:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/ssl:11.2.7:*:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/ssl:11.2.8:*:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/ssl:11.2.8:*:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/ssl:11.2.9:*:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/ssl:11.2.9:*:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/ssl:11.2.10:*:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/ssl:11.2.10:*:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/ssl:11.2.11:*:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/ssl:11.2.11:*:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/ssl:11.2.12:*:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/ssl:11.2.12:*:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/ssl:11.2.12.1:*:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/ssl:11.2.12.1:*:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/ssl:11.2.12.2:*:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/ssl:11.2.12.2:*:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/ssl:11.2.12.3:*:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/ssl:11.2.12.3:*:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/ssl:11.2.12.4:*:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/ssl:11.2.12.4:*:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/ssl:11.2.12.5:*:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/ssl:11.2.12.5:*:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/ssl:11.3.1:*:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/ssl:11.3.1:*:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/ssl:11.3.2:*:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/ssl:11.3.2:*:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/ssl:11.4:*:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/ssl:11.4:*:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/ssl:11.4.1:*:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/ssl:11.4.1:*:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/ssl:11.4.2:*:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/ssl:11.4.2:*:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/ssl:11.5:*:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/ssl:11.5:*:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/ssl:11.5.1:*:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/ssl:11.5.1:*:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/ssl:11.5.2:*:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/ssl:11.5.2:*:*:*:*:*:*:*
• cpe:2.3:a:erlang:erlang\/ssl:11.5.3:*:*:*:*:*:*:*
  cpe:2.3:a:erlang:erlang\/ssl:11.5.3:*:*:*:*:*:*:*

Other 5 Recently Published CVEs Vulnerabilities

• CVE-2026-6956 – ATutor is vulnerable to Reflected XSS in /install/install.php endpoint. An attacker can provide a specially crafted URL that, when opened, results ...
• CVE-2026-6909 – ATutor is vulnerable to Reflected XSS in /install/upgrade.php endpoint. An attacker can provide a specially crafted URL that, when opened, results ...
• CVE-2026-41951 – Path traversal vulnerability exists in GROWI v7.5.0 and earlier, which may allow an attacker to execute arbitrary EJS templates on the server when ...
• CVE-2026-40636 – Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains a use of hard-coded credentials vulnerability. A...
• CVE-2026-35157 – Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper neutralization of formula elements i...