{"@context":"https://openvex.dev/ns/v0.2.0","@id":"https://database.harborguard.co/cve/CVE-2026-48860/vex.json","author":"HarborGuard Database","role":"Document Creator","timestamp":"2026-06-11T04:45:42.753Z","version":1,"tooling":"HarborGuard Database (https://database.harborguard.co)","statements":[{"vulnerability":{"name":"CVE-2026-48860","@id":"https://www.cve.org/CVERecord?id=CVE-2026-48860","description":"Reliance on IP Address for Authentication vulnerability in Erlang/OTP ssl (inet_tls_dist module) allows unauthenticated bypass of the distribution-over-TLS LAN allowlist.\n\nThe inet_tls_dist:check_ip/1 function, which enforces a LAN allowlist for Erlang distribution over TLS, calls inet:sockname/1 instead of inet:peername/1 to obtain the peer's IP address. Because inet:sockname/1 returns the local socket address, both the local IP and the supposed peer IP resolve to the same value, causing the su"},"products":[{"@id":"cpe:2.3:a:erlang:otp:*:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:erlang:otp:*:*:*:*:*:*:*:*"}}],"status":"affected","action_statement":"Update to a fixed version: *, 0209a6df65d605552b378273027b3968b35f26b4.","timestamp":"2026-06-11T04:45:42.753Z"}]}