CVE-2026-21620 | Erlang OTP up to 6.x/inets@6.x tftp_file tftp_file.erl path traversal (GHSA-hmrc-prh3-rpvp)

Inserito da Angelo Barbosa | Feb 20, 2026 | CVE

A vulnerability labeled as critical has been found in Erlang OTP up to 6.x/inets@6.x. This issue affects some unknown processing in the library lib/tftp/src/tftp_file.erl of the component tftp_file. Executing a manipulation can lead to relative path traversal.

This vulnerability appears as CVE-2026-21620. The attack may be performed from remote. There is no available exploit.

The affected component should be upgraded.

CVE-2026-21620 | Erlang OTP up to 6.x/inets@6.x tftp_file tftp_file.erl path traversal (GHSA-hmrc-prh3-rpvp)

Post correlati

CVE-2024-52313 | Amazon data.all up to 2.6.0 getDataset authorization (GHSA-hx8q-7wxv-6c7c)

CVE-2025-9231 | OpenSSL up to 3.2.5/3.3.4/3.4.2/3.5.3 on 64-bit ARM SM2 covert timing channel

CVE-2026-1896 | WeKan up to 8.20 Migration Operation comprehensiveBoardMigration.js ComprehensiveBoardMigration boardId MigrationBleed access control

CVE-2023-49252 | Siemens SIMATIC CN 4100 up to 2.6 IP Configuration denial of service (ssa-777015)