Erlang/OTP 26.2.5.9

This release of Erlang/OTP can be built from source or installed using pre-built packages for your OS or third-party tools (such as kerl, asdf or mise).

docker run -it erlang:26.2.5.9
Erlang/OTP 26.2.5.9
View on github.com
Patch Package OTP 26.2.5.9
Git Tag OTP-26.2.5.9
Date 2025-02-20
Issue Id
CVE-2025-26618
ERIERL-1173
System OTP
Release 26
Application

erts-14.2.5.8 #

The erts-14.2.5.8 application can be applied independently of other applications on a full OTP 26 installation.

OTP-19495
Application(s):
erts
Related Id(s):
GH-8208 , PR-8209

Fixed BEAM crash when a custom thread sends a large map (>128 keys) externally encoded with for example erl_drv_send_term().

Full runtime dependencies of erts-14.2.5.8: kernel-9.0, sasl-3.3, stdlib-4.1

ssh-5.1.4.6 #

The ssh-5.1.4.6 application can be applied independently of other applications on a full OTP 26 installation.

OTP-19466
Application(s):
ssh
Related Id(s):
ERIERL-1173 , CVE-2025-26618

SFTP packets exceeding max packet size are not processed and dropped.

Full runtime dependencies of ssh-5.1.4.6: crypto-5.0, erts-14.0, kernel-9.0, public_key-1.6.1, runtime_tools-1.15.1, stdlib-5.0, stdlib-5.0

Thanks To #

Simon Cornish