QwikSec

Security Database

CVE

CWE

Training

CVE-2026-21620

Published: Feb 20, 2026

Modified: May 27, 2026

PUBLISHED

Description

Relative Path Traversal, Improper Isolation or Compartmentalization vulnerability in erlang otp erlang/otp (tftp_file modules), erlang otp inets (tftp_file modules), erlang otp tftp (tftp_file modules) allows Relative Path Traversal. This vulnerability is associated with program files lib/tftp/src/tftp_file.erl, src/tftp_file.erl. This issue affects otp: from 17.0, from 07b8f441ca711f9812fad9e9115bab3c3aa92f79; otp: from 5.10 before 7.0; otp: from 1.0.

Vendor	Product	Versions
Erlang	OTP	affected `17.0 - < ` affected `07b8f441ca711f9812fad9e9115bab3c3aa92f79 - < `
Erlang	OTP	affected `5.10 - < 7.0`
Erlang	OTP	affected `1.0 - < *`

Weaknesses (CWE)

References

https://github.com/erlang/otp/security/advisories/GHSA-hmrc-prh3-rpvp

vendor-advisory

related

https://cna.erlef.org/cves/CVE-2026-21620.html

related

https://osv.dev/vulnerability/EEF-CVE-2026-21620

related

https://www.erlang.org/doc/system/versions.html#order-of-versions

x_version-scheme

https://github.com/erlang/otp/pull/10706

patch

https://github.com/erlang/otp/commit/696fdec922661d4a3cc528fc34bc24fae8d4ad8a

patch

https://github.com/erlang/otp/commit/3970738f687325138eb75f798054fa8960ac354e

patch

https://github.com/erlang/otp/commit/655fb95725ba2fb811740b57e106873833824344

patch

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.