Erlang security advisory (AV26-581)

Serial number: AV26-581
Date: June 10, 2026

On June 10, 2026, Erlang published security advisories to address vulnerabilities in the following products:

• OTP – versions prior to 27.3.4.13, 28.5.0.2 and 29.0.2
• erts (OTP) – versions prior to 15.2.7.9, 16.4.0.2 and 17.0.2
• inets (otp) – versions prior to 9.7.1, 9.6.2.2 and 9.3.2.6
• ssl (OTP) – versions prior to 11.7.2, 11.6.0.2 and 11.2.12.9

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• Unbounded Stack Buffer Overflow in SCTP Error Cause Parsing in inet_drv
• Distribution-over-TLS LAN Allowlist is Silently Bypassed
• httpc leaks Authorization header to cross-origin redirect targets
• Erlang Security