CVE-2026-28810 — Generation of Predictable Numbers or Identifiers vulnerability in Erlang/OTP…
Image via images.unsplash.com
🚨 CVE-2026-28810 Generation of Predictable Numbers or Identifiers vulnerability in Erlang/OTP kernel (inetres, inetdb modules) allows DNS Cache Poisoning. The built-in DNS resolver (inetres) uses a sequential, process-global 16-bit transaction ID for UDP queries and does not implement source port r
Predictable DNS Transaction IDs Enable Cache Poisoning in Built-in Resolver
cna.erlef.org
What This Means For You
- Affects Linux systems — review kernel and package updates.
- New vulnerability disclosed — verify if your stack is exposed.
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-28810 | Information Disclosure | Erlang/OTP kernel (inetres, inetdb modules) - Predictable 16-bit transaction ID for UDP queries allows DNS Cache Poisoning. |
| CVE-2026-28810 | Misconfiguration | Erlang/OTP kernel (inetres) - Lack of source port randomization in DNS UDP queries. |
🛠 Recommended Tools
Source & Attribution
| Source Platform | Telegram |
| Channel | CVE Notify |
| Channel ID | 1129491012 |
| Message ID | 158268 |
| Published | April 07, 2026 at 12:26 UTC |
| Original Link | https://cna.erlef.org/cves/CVE-2026-28810.html |
This content was curated and summarized by Shimi's Cyber World for informational purposes. It is not copied or republished in full. All intellectual property rights remain with the original author and source.
Believe this infringes your rights? Submit a takedown request.
Found this interesting? Follow us to stay ahead.
Share