Erlang security advisory (AV26-651)
Serial number: AV26-651 Date: July 3, 2026 On July 2, 2026, Erlang published security advisories to address vulnerabilities in the following products: OTP – versions prior to 27.3.4.14, 28.5.0.3 and 29.0.3 SSL (OTP) – versions prior to 11.7.3, 11.6.0.3 and 11.2.12.10 The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates. Denial-of-Service for TLS-1.3 server Using Session Tickets DTLS Denial of Service Erlang Security
CSIRTS triage
- What
- Vulnerabilities in Erlang can cause denial-of-service for TLS-1.3 servers using session tickets and DTLS.
- Who is affected
- Deployments of Erlang versions prior to the specified versions are affected.
- Urgency
- Remediation is important to prevent denial-of-service attacks.
- Action
- Update Erlang to the specified versions or later.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch Erlang
Get an email when a new Erlang advisory drops — max one per day, one-click unsubscribe.
Details
Original advisory: https://cyber.gc.ca/en/alerts-advisories/erlang-security-advisory-av26-651
More from Canadian Centre for Cyber Security
- unknownBitWarden security advisory (AV26-683)2026-07-10
- criticalAL25-007 - Vulnerability impacting Roundcube Webmail – CVE-2025-49113 – Update 12026-07-10
- unknownMicrosoft Edge security advisory (AV26-682)2026-07-10
- criticalBroadcom VMware security advisory (AV26-681)2026-07-10
- unknownDjango security advisory (AV26-084) – Update 12026-07-09