CVE-2026-48856

Published: Giu 10, 2026 Last Modified: Giu 10, 2026
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 7,1
Source: 6b3ad84c-e1a6-4bf7-a703-f496b71e49db
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: passive
Confidentiality: N/A
Integrity: N/A
Availability: N/A

Description

AI Translation Available

Sensitive Data Exposure vulnerability in Erlang OTP inets (httpc_response module) allows Retrieve Embedded Sensitive Data.

The httpc client forwards the Authorization and Proxy-Authorization request headers to redirect targets without checking whether the redirect crosses an origin boundary. httpc_response:redirect/2 constructs the redirected request by updating only the host field of the header record; all other fields (including authorization and proxy_authorization) are copied verbatim. The redirect target host is never compared against the original host.

autoredirect defaults to true, so this affects all httpc callers that do not explicitly disable automatic redirects.

An attacker who controls a server that the victim contacts via httpc can issue a cross-origin 3xx redirect to a server they also control. The Authorization header (including Basic credentials derived from URL userinfo via httpc_request:handle_user_info/2) is forwarded to the redirect target, allowing credential theft. The same applies to the Proxy-Authorization header.

This vulnerability is associated with program files lib/inets/src/http_client/httpc_response.erl.

This issue affects OTP from 17.0 before 29.0.2, 28.5.0.2 and 27.3.4.13 corresponding to inets from 5.10 before 9.7.1, 9.6.2.2 and 9.3.2.6.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0004
Percentile
0,1th
Updated

EPSS Score Trend (Last 4 Days)

601

URL Redirection to Untrusted Site ('Open Redirect')

Draft
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Access Control Confidentiality Other
Potential Impacts:
Bypass Protection Mechanism Gain Privileges Or Assume Identity Other
Applicable Platforms
Technologies: Web Based, Web Server
Likelihood of Exploit: Low
View CWE Details
https://cna.erlef.org/cves/CVE-2026-48856.html
https://cna.erlef.org/cves/CVE-2026-48856.html
https://github.com/erlang/otp/commit/688d748d6f7a6a06b13b66…
https://github.com/erlang/otp/commit/688d748d6f7a6a06b13b662a1d3de8af97079612
https://github.com/erlang/otp/security/advisories/GHSA-m75x…
https://github.com/erlang/otp/security/advisories/GHSA-m75x-4vwg-ggjh
https://osv.dev/vulnerability/EEF-CVE-2026-48856
https://osv.dev/vulnerability/EEF-CVE-2026-48856
https://www.erlang.org/doc/system/versions.html#order-of-ve…
https://www.erlang.org/doc/system/versions.html#order-of-versions