EEF-CVE-2026-28810

See a problem?
Please try reporting it to the source first.

Source

https://cna.erlef.org/osv/EEF-CVE-2026-28810.html

Import Source

https://cna.erlef.org/osv/EEF-CVE-2026-28810.json

JSON Data

https://api.osv.dev/v1/vulns/EEF-CVE-2026-28810

Aliases

CVE-2026-28810
GHSA-v884-5jg5-whj8

Published

2026-04-07T07:50:11.072Z

Modified

2026-04-08T04:08:49.797Z

Severity

6.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N CVSS Calculator

Summary

Predictable DNS Transaction IDs Enable Cache Poisoning in Built-in Resolver

Details

Summary

Generation of Predictable Numbers or Identifiers vulnerability in Erlang/OTP kernel (inetres, inetdb modules) allows DNS Cache Poisoning.

The built-in DNS resolver (inet_res) uses a sequential, process-global 16-bit transaction ID for UDP queries and does not implement source port randomization. Response validation relies almost entirely on this ID, making DNS cache poisoning practical for an attacker who can observe one query or predict the next ID. This conflicts with RFC 5452 recommendations for mitigating forged DNS answers.

inet_res is intended for use in trusted network environments and with trusted recursive resolvers. Earlier documentation did not clearly state this deployment assumption, which could lead users to deploy the resolver in environments where spoofed DNS responses are possible.

This vulnerability is associated with program files lib/kernel/src/inetdb.erl and lib/kernel/src/inetres.erl.

This issue affects OTP from OTP 17.0 until OTP 28.4.2, 27.3.4.10 and 26.2.5.19 corresponding to kernel from 3.0 until 10.6.2, 10.2.7.4 and 9.2.4.11.

Workaround

Install the Erlang nodes in a trusted network shielded from DNS reply spoofing by firewalls, and configure the inet_res resolver to only talk to trusted recursive name servers within that network.

Configuration

The application must use inetres for DNS resolution, either by configuring the lookup method to include dns in the kernel inet configuration, or by calling inetres functions directly. The default Erlang/OTP configuration uses native OS resolution and is not affected.

Database specific

{
    "cwe_ids": [
        "CWE-340"
    ],
    "cpe_ids": [
        "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*"
    ],
    "capec_ids": [
        "CAPEC-142"
    ]
}

References

Credits

- Luigino Camastra / Aisle Research - REPORTER
- Raimo Niskanen - REMEDIATION_DEVELOPER

Affected packages

Git / github.com/erlang/otp

Affected ranges

Type: GIT
Repo: https://github.com/erlang/otp
Events: Introduced

07b8f441ca711f9812fad9e9115bab3c3aa92f79

Fixed

36f23c9d2cc54afe83671dd7343596d7972839a5

Fixed

dd15e8eb03548c5e55e9915f0e91389ec6bad9fd

Fixed

b057a9d995017b1be50d6dc02edd52382f3231b8

Affected versions

OTP-17.*

OTP-17.0

OTP-17.0.1

OTP-17.0.2

OTP-17.1

OTP-17.1.1

OTP-17.1.2

OTP-17.2

OTP-17.2.1

OTP-17.2.2

OTP-17.3

OTP-17.3.1

OTP-17.3.2

OTP-17.3.3

OTP-17.3.4

OTP-17.4

OTP-17.4.1

OTP-17.5

OTP-17.5.1

OTP-17.5.2

OTP-17.5.3

OTP-17.5.4

OTP-17.5.5

OTP-17.5.6

OTP-17.5.6.1

OTP-17.5.6.10

OTP-17.5.6.2

OTP-17.5.6.3

OTP-17.5.6.4

OTP-17.5.6.5

OTP-17.5.6.6

OTP-17.5.6.7

OTP-17.5.6.8

OTP-17.5.6.9

OTP-18.*

OTP-18.0

OTP-18.0-rc1

OTP-18.0-rc2

OTP-18.0.1

OTP-18.0.2

OTP-18.0.3

OTP-18.1

OTP-18.1.1

OTP-18.1.2

OTP-18.1.3

OTP-18.1.4

OTP-18.1.5

OTP-18.2

OTP-18.2.1

OTP-18.2.2

OTP-18.2.3

OTP-18.2.4

OTP-18.2.4.0.1

OTP-18.2.4.1

OTP-18.3

OTP-18.3.1

OTP-18.3.2

OTP-18.3.3

OTP-18.3.4

OTP-18.3.4.1

OTP-18.3.4.1.1

OTP-18.3.4.10

OTP-18.3.4.11

OTP-18.3.4.2

OTP-18.3.4.3

OTP-18.3.4.4

OTP-18.3.4.5

OTP-18.3.4.6

OTP-18.3.4.7

OTP-18.3.4.8

OTP-18.3.4.9

OTP-19.*

OTP-19.0

OTP-19.0-rc1

OTP-19.0-rc2

OTP-19.0.1

OTP-19.0.2

OTP-19.0.3

OTP-19.0.4

OTP-19.0.5

OTP-19.0.6

OTP-19.0.7

OTP-19.1

OTP-19.1.1

OTP-19.1.2

OTP-19.1.3

OTP-19.1.4

OTP-19.1.5

OTP-19.1.6

OTP-19.1.6.1

OTP-19.2

OTP-19.2.1

OTP-19.2.2

OTP-19.2.3

OTP-19.2.3.1

OTP-19.3

OTP-19.3.1

OTP-19.3.2

OTP-19.3.3

OTP-19.3.4

OTP-19.3.5

OTP-19.3.6

OTP-19.3.6.1

OTP-19.3.6.10

OTP-19.3.6.11

OTP-19.3.6.12

OTP-19.3.6.13

OTP-19.3.6.2

OTP-19.3.6.3

OTP-19.3.6.4

OTP-19.3.6.5

OTP-19.3.6.6

OTP-19.3.6.7

OTP-19.3.6.8

OTP-19.3.6.9

OTP-20.*

OTP-20.0

OTP-20.0-rc1

OTP-20.0-rc2

OTP-20.0.1

OTP-20.0.2

OTP-20.0.3

OTP-20.0.4

OTP-20.0.5

OTP-20.1

OTP-20.1.1

OTP-20.1.2

OTP-20.1.3

OTP-20.1.4

OTP-20.1.5

OTP-20.1.6

OTP-20.1.7

OTP-20.1.7.1

OTP-20.2

OTP-20.2.0.1

OTP-20.2.1

OTP-20.2.2

OTP-20.2.3

OTP-20.2.4

OTP-20.3

OTP-20.3.1

OTP-20.3.2

OTP-20.3.2.1

OTP-20.3.3

OTP-20.3.4

OTP-20.3.5

OTP-20.3.6

OTP-20.3.7

OTP-20.3.8

OTP-20.3.8.1

OTP-20.3.8.10

OTP-20.3.8.11

OTP-20.3.8.12

OTP-20.3.8.13

OTP-20.3.8.14

OTP-20.3.8.15

OTP-20.3.8.16

OTP-20.3.8.17

OTP-20.3.8.18

OTP-20.3.8.19

OTP-20.3.8.2

OTP-20.3.8.20

OTP-20.3.8.21

OTP-20.3.8.22

OTP-20.3.8.23

OTP-20.3.8.24

OTP-20.3.8.25

OTP-20.3.8.26

OTP-20.3.8.3

OTP-20.3.8.4

OTP-20.3.8.5

OTP-20.3.8.6

OTP-20.3.8.7

OTP-20.3.8.8

OTP-20.3.8.9

OTP-21.*

OTP-21.0

OTP-21.0-rc1

OTP-21.0-rc2

OTP-21.0.1

OTP-21.0.2

OTP-21.0.3

OTP-21.0.4

OTP-21.0.5

OTP-21.0.6

OTP-21.0.7

OTP-21.0.8

OTP-21.0.9

OTP-21.1

OTP-21.1.1

OTP-21.1.2

OTP-21.1.3

OTP-21.1.4

OTP-21.2

OTP-21.2.1

OTP-21.2.2

OTP-21.2.3

OTP-21.2.4

OTP-21.2.5

OTP-21.2.6

OTP-21.2.7

OTP-21.3

OTP-21.3.1

OTP-21.3.2

OTP-21.3.3

OTP-21.3.4

OTP-21.3.5

OTP-21.3.6

OTP-21.3.7

OTP-21.3.7.1

OTP-21.3.8

OTP-21.3.8.1

OTP-21.3.8.10

OTP-21.3.8.11

OTP-21.3.8.12

OTP-21.3.8.13

OTP-21.3.8.14

OTP-21.3.8.15

OTP-21.3.8.16

OTP-21.3.8.17

OTP-21.3.8.18

OTP-21.3.8.19

OTP-21.3.8.2

OTP-21.3.8.20

OTP-21.3.8.21

OTP-21.3.8.22

OTP-21.3.8.23

OTP-21.3.8.24

OTP-21.3.8.3

OTP-21.3.8.4

OTP-21.3.8.5

OTP-21.3.8.6

OTP-21.3.8.7

OTP-21.3.8.8

OTP-21.3.8.9

OTP-22.*

OTP-22.0

OTP-22.0-rc1

OTP-22.0-rc2

OTP-22.0-rc3

OTP-22.0.1

OTP-22.0.2

OTP-22.0.3

OTP-22.0.4

OTP-22.0.5

OTP-22.0.6

OTP-22.0.7

OTP-22.1

OTP-22.1.1

OTP-22.1.2

OTP-22.1.3

OTP-22.1.4

OTP-22.1.5

OTP-22.1.6

OTP-22.1.7

OTP-22.1.8

OTP-22.1.8.1

OTP-22.2

OTP-22.2.1

OTP-22.2.2

OTP-22.2.3

OTP-22.2.4

OTP-22.2.5

OTP-22.2.6

OTP-22.2.7

OTP-22.2.8

OTP-22.3

OTP-22.3.1

OTP-22.3.2

OTP-22.3.3

OTP-22.3.4

OTP-22.3.4.1

OTP-22.3.4.10

OTP-22.3.4.11

OTP-22.3.4.12

OTP-22.3.4.12.1

OTP-22.3.4.13

OTP-22.3.4.14

OTP-22.3.4.15

OTP-22.3.4.16

OTP-22.3.4.17

OTP-22.3.4.18

OTP-22.3.4.19

OTP-22.3.4.2

OTP-22.3.4.20

OTP-22.3.4.21

OTP-22.3.4.22

OTP-22.3.4.23

OTP-22.3.4.24

OTP-22.3.4.25

OTP-22.3.4.26

OTP-22.3.4.27

OTP-22.3.4.3

OTP-22.3.4.4

OTP-22.3.4.5

OTP-22.3.4.6

OTP-22.3.4.7

OTP-22.3.4.8

OTP-22.3.4.9

OTP-23.*

OTP-23.0

OTP-23.0-rc1

OTP-23.0-rc2

OTP-23.0-rc3

OTP-23.0.1

OTP-23.0.2

OTP-23.0.3

OTP-23.0.4

OTP-23.1

OTP-23.1.1

OTP-23.1.2

OTP-23.1.3

OTP-23.1.4

OTP-23.1.4.1

OTP-23.1.5

OTP-23.2

OTP-23.2.1

OTP-23.2.2

OTP-23.2.3

OTP-23.2.4

OTP-23.2.5

OTP-23.2.6

OTP-23.2.7

OTP-23.2.7.1

OTP-23.2.7.2

OTP-23.2.7.3

OTP-23.2.7.4

OTP-23.2.7.5

OTP-23.3

OTP-23.3.1

OTP-23.3.2

OTP-23.3.3

OTP-23.3.4

OTP-23.3.4.1

OTP-23.3.4.10

OTP-23.3.4.11

OTP-23.3.4.12

OTP-23.3.4.13

OTP-23.3.4.14

OTP-23.3.4.15

OTP-23.3.4.16

OTP-23.3.4.17

OTP-23.3.4.18

OTP-23.3.4.19

OTP-23.3.4.2

OTP-23.3.4.20

OTP-23.3.4.3

OTP-23.3.4.4

OTP-23.3.4.5

OTP-23.3.4.6

OTP-23.3.4.7

OTP-23.3.4.8

OTP-23.3.4.9

OTP-24.*

OTP-24.0

OTP-24.0-rc1

OTP-24.0-rc2

OTP-24.0-rc3

OTP-24.0.1

OTP-24.0.2

OTP-24.0.3

OTP-24.0.4

OTP-24.0.5

OTP-24.0.6

OTP-24.1

OTP-24.1.1

OTP-24.1.2

OTP-24.1.3

OTP-24.1.4

OTP-24.1.5

OTP-24.1.6

OTP-24.1.7

OTP-24.2

OTP-24.2.1

OTP-24.2.2

OTP-24.3

OTP-24.3.1

OTP-24.3.2

OTP-24.3.3

OTP-24.3.4

OTP-24.3.4.1

OTP-24.3.4.10

OTP-24.3.4.11

OTP-24.3.4.12

OTP-24.3.4.13

OTP-24.3.4.14

OTP-24.3.4.15

OTP-24.3.4.16

OTP-24.3.4.17

OTP-24.3.4.2

OTP-24.3.4.3

OTP-24.3.4.4

OTP-24.3.4.5

OTP-24.3.4.6

OTP-24.3.4.7

OTP-24.3.4.8

OTP-24.3.4.9

OTP-25.*

OTP-25.0

OTP-25.0-rc1

OTP-25.0-rc2

OTP-25.0-rc3

OTP-25.0.1

OTP-25.0.2

OTP-25.0.3

OTP-25.0.4

OTP-25.1

OTP-25.1.1

OTP-25.1.2

OTP-25.1.2.1

OTP-25.2

OTP-25.2.1

OTP-25.2.2

OTP-25.2.3

OTP-25.3

OTP-25.3.1

OTP-25.3.2

OTP-25.3.2.1

OTP-25.3.2.10

OTP-25.3.2.11

OTP-25.3.2.12

OTP-25.3.2.13

OTP-25.3.2.14

OTP-25.3.2.15

OTP-25.3.2.16

OTP-25.3.2.17

OTP-25.3.2.18

OTP-25.3.2.19

OTP-25.3.2.2

OTP-25.3.2.20

OTP-25.3.2.21

OTP-25.3.2.3

OTP-25.3.2.4

OTP-25.3.2.5

OTP-25.3.2.6

OTP-25.3.2.7

OTP-25.3.2.8

OTP-25.3.2.9

OTP-26.*

OTP-26.0

OTP-26.0-rc1

OTP-26.0-rc2

OTP-26.0-rc3

OTP-26.0.1

OTP-26.0.2

OTP-26.1

OTP-26.1.1

OTP-26.1.2

OTP-26.2

OTP-26.2.1

OTP-26.2.2

OTP-26.2.3

OTP-26.2.4

OTP-26.2.5

OTP-26.2.5.1

OTP-26.2.5.10

OTP-26.2.5.11

OTP-26.2.5.12

OTP-26.2.5.13

OTP-26.2.5.14

OTP-26.2.5.15

OTP-26.2.5.16

OTP-26.2.5.17

OTP-26.2.5.18

OTP-26.2.5.2

OTP-26.2.5.3

OTP-26.2.5.4

OTP-26.2.5.5

OTP-26.2.5.6

OTP-26.2.5.7

OTP-26.2.5.8

OTP-26.2.5.9

OTP-27.*

OTP-27.0

OTP-27.0-rc1

OTP-27.0-rc2

OTP-27.0-rc3

OTP-27.0.1

OTP-27.1

OTP-27.1.1

OTP-27.1.2

OTP-27.1.3

OTP-27.2

OTP-27.2.1

OTP-27.2.2

OTP-27.2.3

OTP-27.2.4

OTP-27.3

OTP-27.3.1

OTP-27.3.2

OTP-27.3.3

OTP-27.3.4

OTP-27.3.4.1

OTP-27.3.4.2

OTP-27.3.4.3

OTP-27.3.4.4

OTP-27.3.4.5

OTP-27.3.4.6

OTP-27.3.4.7

OTP-27.3.4.8

OTP-27.3.4.9

OTP-28.*

OTP-28.0

OTP-28.0-rc1

OTP-28.0-rc2

OTP-28.0-rc3

OTP-28.0-rc4

OTP-28.0.1

OTP-28.0.2

OTP-28.0.3

OTP-28.0.4

OTP-28.1

OTP-28.1.1

OTP-28.2

OTP-28.3

OTP-28.3.1

OTP-28.3.2

OTP-28.3.3

OTP-28.4

OTP-28.4.1

OTP-29.*

OTP-29.0-rc1

OTP-29.0-rc2

Other

patch-base-24

patch-base-25

patch-base-26

patch-base-27

Database specific

source

"https://cna.erlef.org/osv/EEF-CVE-2026-28810.json"