Patch Package:           OTP 26.2.5.19
Git Tag:                 OTP-26.2.5.19
Date:                    2026-04-07
Trouble Report Id:       OTP-20037, OTP-20068
Seq num:                 CVE-2026-28810, PR-10864
System:   …

Erlang Forums is a community-driven platform for discussions related to the Erlang programming language, the Erlang virtual machine (BEAM), and related technologies such as OTP (Open Telecom Platform) and distributed systems. With dedicated forums covering topics like Erlang syntax, OTP frameworks, concurrency primitives, and fault-tolerant design patterns, Erlang Forums offers a resources for Erlang developers and enthusiasts to ask questions, share insights, and collaborate on Erlang-based projects. Whether you're a seasoned Erlang developer or a newcomer exploring functional programming, Erlang Forums provides a supportive community to help you learn and grow in your journey with Erlang.

Erlang Forums

OTP 26.2.5.19 is a security-focused patch release for Erlang/OTP 26. It addresses two CVEs: CVE-2026-28808 fixes an authentication bypass in the inets httpd server where script_alias could map URLs to directories outside document_root, bypassing mod_auth access controls. CVE-2026-28810 fixes the built-in DNS resolver (inet_res) which previously used sequential, predictable 16-bit transaction IDs and no source port randomization, making DNS cache poisoning practical. The fix introduces strong random transaction IDs and source port randomization, with an opt-out for trusted network environments. Documentation is also updated to clarify that inet_res is intended for trusted networks only.

Patch Package OTP 26.2.5.19 Released