CVE-2026-32144

Severity: High (Red Hat)
CVSS v3 Base Score: 7.4 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)

Attack Characteristics
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Confidentiality: High
Integrity: High
Availability: None

Published: April 7, 2026 (37 days ago)
Last Modified: April 7, 2026
Vendor: Red Hat
Source: REDHAT

Description

A flaw was found in Erlang OTP public_key. This improper certificate validation vulnerability allows a remote attacker to bypass Online Certificate Status Protocol (OCSP) designated-responder authorization. The vulnerability stems from missing signature verification during OCSP response validation, enabling an attacker to forge responses that mark revoked certificates as valid. Consequently, clients may accept connections to compromised servers, potentially leading to the transmission of sensitive data.

CWE

CWE-347

Affected Products

Red Hat OpenStack Platform 16.2
Red Hat OpenStack Platform 17.1
Red Hat OpenStack Platform 18.0

References