A vulnerability classified as problematic was found in Erlang OTP up to 29.0.1 . This affects an unknown function in the library lib/ssh/src/ssh_auth.erl . Such manipulation leads to observable timing discrepancy. This vulnerability is uniquely identified as CVE-2026-48859 . The attack can be launched remotely. No exploit exists. Upgrading the affected component is advised.