CVE-2026-2100
MediumCVSS 5.3Exploitation Probability (EPSS)
Elevated risk63th percentile - higher than 63% of all known CVEs
Summary
A flaw was found in p11-kit where a remote attacker could exploit the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially causing a NULL dereference or undefined behavior.
Risk Assessment
This vulnerability may result in application-level denial of service or other unpredictable system states, threatening the stability and availability of services using p11-kit.
Recommendation
Update p11-kit to the latest patched version immediately. Until the update is applied, restrict access to remote tokens and monitor for unusual application behavior.
Original NVD description (English source)
A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application level denial of service or other unpredictable system states.

