Medium6.5Red Hat Linux Updated
Erlang OTP ssh: Denial of Service via infinite loop in SFTP channel
CVE-2026-54886 Published Jul 2, 2026Updated by vendor Jul 2, 2026
Affected products & platforms
Red Hat LinuxUnclassified
Summary
Erlang OTP ssh: Denial of Service via infinite loop in SFTP channel. Red Hat rates this moderate (CVSS 6.5). Weakness: CWE-835.
Affected versions
- 17.0
- 29.0.3
- 28.5.0.3
- 27.3.4.14
- 3.0.1
- 6.0.2
- 5.5.2.2
- 5.2.11.9
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Mitigation checklist
Recommended fix / mitigation
- Set the max_channels daemon option to a finite value instead of the default 'infinity' to limit the number of channels an authenticated user can open per connection, reducing the amplification potential of this vulnerability.
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.