Vulnerability in Pion DTLS: Go Implementation of Datagram Transport Layer Security
CVE-2026-26014

5.9 MEDIUM

Key Information:

Vendor: Pion

Status
Vendor
CVE Published: 11 February 2026

What is CVE-2026-26014?

Pion DTLS is a Go implementation of Datagram Transport Layer Security. It contains a vulnerability stemming from the random nonce generation used in AES GCM ciphers. This design issue potentially enables remote attackers to obtain the authentication key by exploiting nonce reuse within a session. The vulnerability allows attackers to spoof data, posing significant risks to the integrity and security of communications. Users are advised to upgrade to version 3.1.0 or later to mitigate this risk.
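The following Go sketch is an added illustration, not code from Pion DTLS or from this advisory. It contrasts randomly drawn explicit nonces with a nonce derived from the DTLS record's epoch and sequence number, and goes beyond the advisory text by estimating how likely random nonces are to repeat. Assumptions: the 8-byte explicit nonce of the RFC 5288 AES-GCM record layout, the 16-bit epoch and 48-bit sequence number of the DTLS record header, and hypothetical function names; the counter construction is the general approach RFC 5288 suggests, not necessarily the project's fix.

```go
package main

import (
	"crypto/rand"
	"encoding/binary"
	"fmt"
	"math"
)

// randomNonce draws an n-byte nonce from the CSPRNG (the pattern the advisory describes).
func randomNonce(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// counterNonce packs the record's 16-bit epoch and 48-bit sequence number
// into 8 bytes; the pair is unique per record, so it cannot repeat under one key.
func counterNonce(epoch uint16, seq uint64) []byte {
	b := make([]byte, 8)
	binary.BigEndian.PutUint64(b, uint64(epoch)<<48|seq&(1<<48-1))
	return b
}

// collisionProbability is the birthday estimate that at least two of
// `records` uniformly random nonces of `bits` bits are equal.
func collisionProbability(records float64, bits int) float64 {
	return -math.Expm1(-records * records / math.Exp2(float64(bits+1)))
}

// firstReuse returns the index of the first repeated nonce, or -1 if none repeats.
func firstReuse(nonces [][]byte) int {
	seen := make(map[string]bool, len(nonces))
	for i, n := range nonces {
		if seen[string(n)] {
			return i
		}
		seen[string(n)] = true
	}
	return -1
}

func main() {
	for _, n := range []float64{1 << 20, 1 << 28, 1 << 32} {
		fmt.Printf("%.0f records, random 64-bit nonce: P(reuse) ~ %.3g\n", n, collisionProbability(n, 64))
	}
}
```

A check like `firstReuse` can also be run over nonces extracted from captured records of one session to confirm whether a deployment ever repeated one.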

Affected Version(s)

dtls = 3.1.0

dtls < 3.0.11

CVSS V3.1

Score: 5.9
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
