CVE-2026-2100

HIGH EPSS 62.3%
Published Mar 26, 20263mo ago · Modified Jun 22, 20261w ago
7.5 CVSS 3.1
High
Find Similar
Published Mar 26, 2026 3mo ago
Last Modified Jun 22, 2026 1w ago

Description

A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application level denial of service or other unpredictable system states.

CVSS Details

Base Score
7.5
Exploitability
3.9
Impact
3.6
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
62.3% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-824

Affected Products 4

VendorProductVersionRange
p11-kit_projectp11-kit*any
redhathardened_images*any
redhatenterprise_linux9.0any
redhatenterprise_linux10.0any

References 9

Remediation

  • github.com https://github.com/p11-glue/p11-kit/pull/740
    Issue TrackingPatch