erlang inets

The erlang inets tag covers discussions about the Erlang/OTP HTTP server component, particularly security vulnerabilities. A recent thread highlights CVE-2026-23941, an HTTP request smuggling vulnerability in Erlang Inets Httpd. The issue arises from the server's handling of conflicting Content-Length headers using a first-wins strategy, which can lead to parsing mismatches between front-end and back-end systems. This allows attackers to smuggle malicious requests past security controls. The vulnerability is documented on Microsoft's security update guide, indicating its relevance to Windows environments where Erlang Inets may be deployed. Users interested in Erlang web server security, HTTP parsing issues, or OTP vulnerabilities will find relevant information here.