Patch Package:           OTP 26.2.5.20
Git Tag:                 OTP-26.2.5.20
Date:                    2026-04-21
Trouble Report Id:       OTP-20081, OTP-20101
Seq num:                 CVE-2026-32147, GH-10667, PR-11027
System:                  OTP
Release:                 26
Application:             erts-14.2.5.14, ssh-5.1.4.15
Predecessor:             OTP 26.2.5.19

 Check out the git tag OTP-26.2.5.20, and build a full OTP system
 including documentation. Apply one or more applications from this
 build as patches to your installation using the 'otp_patch_apply'
 tool. For information on install requirements, see descriptions for
 each application version below.

 ---------------------------------------------------------------------
 --- erts-14.2.5.14 --------------------------------------------------
 ---------------------------------------------------------------------

 The erts-14.2.5.14 application can be applied independently of other
 applications on a full OTP 26 installation.

 --- Fixed Bugs and Malfunctions ---

  OTP-20101    Application(s): erts
               Related Id(s): GH-10667

               Fixed an issue when supplying the args_file option to
               erl.exe on windows that did not handle unicode
               characters correctly.


 Full runtime dependencies of erts-14.2.5.14: kernel-9.0, sasl-3.3,
 stdlib-4.1


 ---------------------------------------------------------------------
 --- ssh-5.1.4.15 ----------------------------------------------------
 ---------------------------------------------------------------------

 The ssh-5.1.4.15 application can be applied independently of other
 applications on a full OTP 26 installation.

 --- Fixed Bugs and Malfunctions ---

  OTP-20081    Application(s): ssh
               Related Id(s): PR-11027, CVE-2026-32147

               Fixed a vulnerability in the SFTP server where file
               attributes could be modified outside the configured
               root directory. When using FSETSTAT on an open file
               handle, the operation used the path stored in the
               handle without verifying it was within the root
               directory, allowing attribute changes to files outside
               the chroot boundary.

               Thanks to John Downey.


 Full runtime dependencies of ssh-5.1.4.15: crypto-5.0, erts-14.0,
 kernel-9.0, public_key-1.6.1, runtime_tools-1.15.1, stdlib-5.0,
 stdlib-5.0


 ---------------------------------------------------------------------
 ---------------------------------------------------------------------
 ---------------------------------------------------------------------