Vulnerability in Pion DTLS: Go Implementation of Datagram Transport Layer Security
CVE-2026-26014
5.9 MEDIUM
What is CVE-2026-26014?
Pion DTLS is a Go implementation of Datagram Transport Layer Security. It generates the nonces for its AES GCM ciphers at random, a design issue that can lead to nonce reuse within a session. By exploiting that reuse, a remote attacker can potentially obtain the authentication key and then spoof data, which poses significant risks to the integrity and security of communications. Users are advised to upgrade to version 3.1.0 or later to mitigate this risk.
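The sketch below is an added example, not Pion's code and not a description of its fix. It shows the usual alternative to random nonces: deriving the 8-byte explicit nonce from the DTLS epoch and 48-bit record sequence number (the option RFC 5288 allows), with a guard that refuses to seal twice under the same nonce. The `session` type, its methods, and the key and salt values are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// session holds one key's AEAD, its implicit salt and every nonce already used.
type session struct {
	aead cipher.AEAD
	salt [4]byte
	seen map[[12]byte]bool
}

func newSession(key []byte, salt [4]byte) (*session, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	return &session{aead, salt, map[[12]byte]bool{}}, err
}

// nonce is salt(4) || epoch(2) || seq(6): unique per record by construction.
func (s *session) nonce(epoch uint16, seq uint64) (n [12]byte) {
	copy(n[:], s.salt[:])
	binary.BigEndian.PutUint64(n[4:], uint64(epoch)<<48|seq&(1<<48-1))
	return n
}

// seal encrypts one record and refuses to run GCM twice on the same nonce.
func (s *session) seal(epoch uint16, seq uint64, pt, aad []byte) ([]byte, error) {
	if seq >= 1<<48 {
		return nil, fmt.Errorf("sequence number exhausted: rekey required")
	}
	n := s.nonce(epoch, seq)
	if s.seen[n] {
		return nil, fmt.Errorf("nonce %x reused under the same key", n)
	}
	s.seen[n] = true
	return s.aead.Seal(n[4:], n[:], pt, aad), nil // explicit nonce || ciphertext || tag
}

func main() {
	s, _ := newSession(make([]byte, 16), [4]byte{1, 2, 3, 4}) // constructed key and salt
	fmt.Println(s.seal(1, 0, []byte("hello"), nil))
}
```

The `seen` map grows with every record; it is there to make the reuse check explicit, and a production sender would rely on a monotonic sequence counter instead.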
Affected Version(s)
dtls = 3.1.0
dtls < 3.0.11
