Remote Denial of Service Vulnerability in Pion DTLS by Pion
CVE-2026-54908

6.3 MEDIUM

Key Information:

Vendor: Pion

CVE Published: 1 July 2026

What is CVE-2026-54908?

Pion DTLS, a Go implementation of Datagram Transport Layer Security, is susceptible to a Remote Denial of Service vulnerability. This issue arises from a panic triggered during the parsing of a crafted ECDHE_PSK ServerKeyExchange message, which could potentially disrupt service availability. The vulnerability has been rectified in version 3.1.4, and users are advised to upgrade to this version or newer to mitigate the risk.

Affected Version(s)

dtls < 3.1.4

CVSS V4

Score: 6.3
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved