The SentinelOne Annual Threat Report - A Defenders Guide from the FrontlinesThe SentinelOne Annual Threat ReportGet the Report
Experiencing a Breach?Blog
Get StartedContact Us
SentinelOne
  • Platform
    Platform Overview
    • Singularity Platform
      Welcome to Integrated Enterprise Security
    • AI for Security
      Leading the Way in AI-Powered Security Solutions
    • Securing AI
      Accelerate AI Adoption with Secure AI Tools, Apps, and Agents.
    • How It Works
      The Singularity XDR Difference
    • Singularity Marketplace
      One-Click Integrations to Unlock the Power of XDR
    • Pricing & Packaging
      Comparisons and Guidance at a Glance
    Data & AI
    • Purple AI
      Accelerate SecOps with Generative AI
    • Singularity Hyperautomation
      Easily Automate Security Processes
    • AI-SIEM
      The AI SIEM for the Autonomous SOC
    • Singularity Data Lake
      AI-Powered, Unified Data Lake
    • Singularity Data Lake for Log Analytics
      Seamlessly Ingest Data from On-Prem, Cloud or Hybrid Environments
    Endpoint Security
    • Singularity Endpoint
      Autonomous Prevention, Detection, and Response
    • Singularity XDR
      Native & Open Protection, Detection, and Response
    • Singularity RemoteOps Forensics
      Orchestrate Forensics at Scale
    • Singularity Threat Intelligence
      Comprehensive Adversary Intelligence
    • Singularity Vulnerability Management
      Application & OS Vulnerability Management
    • Singularity Identity
      Identity Threat Detection and Response
    Cloud Security
    • Singularity Cloud Security
      Block Attacks with an AI-Powered CNAPP
    • Singularity Cloud Native Security
      Secure Cloud and Development Resources
    • Singularity Cloud Workload Security
      Real-Time Cloud Workload Protection Platform
    • Singularity Cloud Data Security
      AI-Powered Threat Detection for Cloud Storage
    • Singularity Cloud Security Posture Management
      Detect and Remediate Cloud Misconfigurations
    Securing AI
    • Prompt Security
      Secure AI Tools Across Your Enterprise
  • Why SentinelOne?
    Why SentinelOne?
    • Why SentinelOne?
      Cybersecurity Built for What’s Next
    • Our Customers
      Trusted by the World’s Leading Enterprises
    • Industry Recognition
      Tested and Proven by the Experts
    • About Us
      The Industry Leader in Autonomous Cybersecurity
    Compare SentinelOne
    • Arctic Wolf
    • Broadcom
    • CrowdStrike
    • Cybereason
    • Microsoft
    • Palo Alto Networks
    • Sophos
    • Splunk
    • Trellix
    • Trend Micro
    • Wiz
    Verticals
    • Energy
    • Federal Government
    • Finance
    • Healthcare
    • Higher Education
    • K-12 Education
    • Manufacturing
    • Retail
    • State and Local Government
  • Services
    Managed Services
    • Managed Services Overview
      Wayfinder Threat Detection & Response
    • Threat Hunting
      World-Class Expertise and Threat Intelligence
    • Managed Detection & Response
      24/7/365 Expert MDR Across Your Entire Environment
    • Incident Readiness & Response
      DFIR, Breach Readiness, & Compromise Assessments
    Support, Deployment, & Health
    • Technical Account Management
      Customer Success with Personalized Service
    • SentinelOne GO
      Guided Onboarding & Deployment Advisory
    • SentinelOne University
      Live and On-Demand Training
    • Services Overview
      Comprehensive Solutions for Seamless Security Operations
    • SentinelOne Community
      Community Login
  • Partners
    Our Network
    • MSSP Partners
      Succeed Faster with SentinelOne
    • Singularity Marketplace
      Extend the Power of S1 Technology
    • Cyber Risk Partners
      Enlist Pro Response and Advisory Teams
    • Technology Alliances
      Integrated, Enterprise-Scale Solutions
    • SentinelOne for AWS
      Hosted in AWS Regions Around the World
    • Channel Partners
      Deliver the Right Solutions, Together
    • SentinelOne for Google Cloud
      Unified, Autonomous Security Giving Defenders the Advantage at Global Scale
    • Partner Locator
      Your Go-to Source for Our Top Partners in Your Region
    Partner Portal→
  • Resources
    Resource Center
    • Case Studies
    • Data Sheets
    • eBooks
    • Reports
    • Videos
    • Webinars
    • Whitepapers
    • Events
    View All Resources→
    Blog
    • Feature Spotlight
    • For CISO/CIO
    • From the Front Lines
    • Identity
    • Cloud
    • macOS
    • SentinelOne Blog
    Blog→
    Tech Resources
    • SentinelLABS
    • Ransomware Anthology
    • Cybersecurity 101
  • About
    About SentinelOne
    • About SentinelOne
      The Industry Leader in Cybersecurity
    • Investor Relations
      Financial Information & Events
    • SentinelLABS
      Threat Research for the Modern Threat Hunter
    • Careers
      The Latest Job Opportunities
    • Press & News
      Company Announcements
    • Cybersecurity Blog
      The Latest Cybersecurity Threats, News, & More
    • FAQ
      Get Answers to Our Most Frequently Asked Questions
    • DataSet
      The Live Data Platform
    • S Foundation
      Securing a Safer Future for All
    • S Ventures
      Investing in the Next Generation of Security, Data and AI
  • Pricing
Get StartedContact Us
CVE Vulnerability Database
Vulnerability Database/CVE-2022-37026

CVE-2022-37026: Erlang/OTP Auth Bypass Vulnerability

CVE-2022-37026 is a client authentication bypass flaw in Erlang/OTP affecting SSL, TLS, and DTLS protocols. Attackers can bypass certificate validation in specific scenarios. This article covers technical details, affected versions, impact analysis, and mitigation strategies.

Published: February 18, 2026

CVE-2022-37026 Overview

CVE-2022-37026 is a critical authentication bypass vulnerability affecting Erlang/OTP's SSL, TLS, and DTLS implementations. The vulnerability allows attackers to bypass client certificate authentication in certain client-certification situations, potentially enabling unauthorized access to systems that rely on certificate-based authentication for security.

Critical Impact

This authentication bypass vulnerability allows attackers to circumvent client certificate verification in SSL/TLS/DTLS connections, potentially gaining unauthorized access to protected resources without valid credentials.

Affected Products

  • Erlang/OTP versions before 23.3.4.15
  • Erlang/OTP versions 24.x before 24.3.4.2
  • Erlang/OTP versions 25.x before 25.0.2

Discovery Timeline

  • September 21, 2022 - CVE-2022-37026 published to NVD
  • May 27, 2025 - Last updated in NVD database

Technical Details for CVE-2022-37026

Vulnerability Analysis

This vulnerability resides in Erlang/OTP's implementation of client certificate authentication for secure communication protocols including SSL, TLS, and DTLS. When client certificate verification is enabled on a server, the implementation fails to properly validate client certificates under certain conditions, allowing an attacker to establish a connection without presenting valid credentials.

The authentication bypass affects applications that rely on mutual TLS (mTLS) authentication, where both the server and client must present valid certificates to establish a secure connection. This is a common pattern for securing microservices communication, API endpoints, and enterprise applications built on the Erlang/OTP platform.

Erlang/OTP is widely used in telecommunications, messaging platforms, and distributed systems. Products built on Erlang, such as RabbitMQ, CouchDB, and various telecommunications infrastructure, may be affected if they utilize client certificate authentication.

Root Cause

The root cause lies in improper validation logic within Erlang/OTP's SSL/TLS/DTLS handler during the client certificate verification phase. Under specific client-certification scenarios, the verification process can be bypassed, allowing connections to proceed without proper authentication of the client's identity. The exact implementation flaw allows certain malformed or missing certificate chains to pass validation checks that should otherwise reject the connection.

Attack Vector

The vulnerability is exploitable over the network without requiring any privileges or user interaction. An attacker targeting a system that uses Erlang/OTP's SSL/TLS/DTLS with client certificate authentication can craft malicious connection requests that bypass the certificate verification process.

The attack scenario involves:

  1. Identifying a target system using Erlang/OTP with client certificate authentication enabled
  2. Initiating a TLS/DTLS connection to the target service
  3. Exploiting the verification bypass during the certificate exchange phase
  4. Gaining unauthorized access to the protected service

Since no proof-of-concept code is publicly available, the specific exploitation technique details are not published. For technical details, refer to the GitHub OTP Version Comparison which shows the changes made between vulnerable and patched versions.

Detection Methods for CVE-2022-37026

Indicators of Compromise

  • Unexpected successful TLS/SSL connections from clients without valid certificates in authentication logs
  • Anomalous connection patterns to services requiring mutual TLS authentication
  • Authentication events showing bypass or missing certificate validation steps
  • Connections from unknown or unauthorized sources to certificate-protected endpoints

Detection Strategies

  • Monitor SSL/TLS handshake events for connections that complete successfully without valid client certificate presentation
  • Implement network traffic analysis to detect anomalous connection patterns to mTLS-protected services
  • Review application logs for authentication events that indicate certificate verification was bypassed
  • Deploy intrusion detection rules to flag suspicious TLS negotiation behavior

Monitoring Recommendations

  • Enable verbose logging for Erlang/OTP SSL applications to capture certificate verification events
  • Implement real-time alerting for authentication anomalies on services using client certificates
  • Monitor connection metadata to identify clients connecting without expected certificate attributes
  • Conduct periodic audits of successful connections against expected client certificate inventory

How to Mitigate CVE-2022-37026

Immediate Actions Required

  • Upgrade Erlang/OTP to version 23.3.4.15 or later for the 23.x branch
  • Upgrade Erlang/OTP to version 24.3.4.2 or later for the 24.x branch
  • Upgrade Erlang/OTP to version 25.0.2 or later for the 25.x branch
  • Audit all services using Erlang/OTP SSL/TLS/DTLS with client certificate authentication
  • Review connection logs for any evidence of exploitation prior to patching

Patch Information

Erlang has released patched versions that address this authentication bypass vulnerability. The fixes are available in:

  • Erlang/OTP 23.3.4.15 - View changes on GitHub
  • Erlang/OTP 24.3.4.2
  • Erlang/OTP 25.0.2

Additional information is available in the Erlang Forums Announcements and the OTP 25.1 Release Notes. Debian users should refer to the Debian LTS Announcement for distribution-specific guidance.

Workarounds

  • Consider disabling client certificate authentication temporarily if patching is not immediately possible
  • Implement additional network-layer access controls to restrict which clients can reach affected services
  • Deploy a reverse proxy or TLS termination layer with separate certificate validation
  • Monitor and audit all connections to affected services until patches can be applied
bash
# Verify installed Erlang/OTP version
erl -eval 'erlang:display(erlang:system_info(otp_release)), halt().' -noshell

# Check for vulnerable versions (output should be 23.3.4.15+, 24.3.4.2+, or 25.0.2+)
# Upgrade using your package manager or from source:
# For source installation, download from erlang.org/downloads

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

  • Vulnerability Details
  • TypeAuth Bypass
  • Vendor/TechErlang
  • SeverityCRITICAL
  • CVSS Score9.8
  • EPSS Probability0.26%
  • Known ExploitedNo
  • CVSS Vector
  • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Impact Assessment
  • ConfidentialityLow
  • IntegrityNone
  • AvailabilityHigh
  • CWE References
  • NVD-CWE-noinfo
  • Technical References
  • Debian LTS Announcement
  • Vendor Resources
  • Erlang Forums Announcement
  • Erlang OTP 25.1 Release
  • GitHub OTP Version Comparison
  • Related CVEs
  • CVE-2026-23943: Erlang OTP SSH Compression Bomb DoS Flaw
  • CVE-2026-23942: Erlang OTP Path Traversal Vulnerability
  • CVE-2025-32433: Erlang/OTP SSH Server RCE Vulnerability
  • CVE-2025-26618: Erlang/OTP SSH SFTP DoS Vulnerability
Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the World’s Most Advanced Cybersecurity Platform

See how our intelligent, autonomous cybersecurity platform can protect your organization now and into the future.

Try SentinelOne
  • Get Started
  • Get a Demo
  • Product Tour
  • Why SentinelOne
  • Pricing & Packaging
  • FAQ
  • Contact
  • Contact Us
  • Customer Support
  • SentinelOne Status
  • Language
  • Platform
  • Singularity Platform
  • Singularity Endpoint
  • Singularity Cloud
  • Singularity AI-SIEM
  • Singularity Identity
  • Singularity Marketplace
  • Purple AI
  • Services
  • Wayfinder TDR
  • SentinelOne GO
  • Technical Account Management
  • Support Services
  • Verticals
  • Energy
  • Federal Government
  • Finance
  • Healthcare
  • Higher Education
  • K-12 Education
  • Manufacturing
  • Retail
  • State and Local Government
  • Cybersecurity for SMB
  • Resources
  • Blog
  • Labs
  • Case Studies
  • Videos
  • Product Tours
  • Events
  • Cybersecurity 101
  • eBooks
  • Webinars
  • Whitepapers
  • Press
  • News
  • Ransomware Anthology
  • Company
  • About Us
  • Our Customers
  • Careers
  • Partners
  • Legal & Compliance
  • Security & Compliance
  • Investor Relations
  • S Foundation
  • S Ventures

©2026 SentinelOne, All Rights Reserved.

Privacy Notice Terms of Use

English