CVE-2026-54908
MediumCVSS 6.3Exploitation Probability (EPSS)
Low risk24th percentile — higher than 24% of all known CVEs
Summary
Pion DTLS library versions prior to 3.1.4 are vulnerable to remote denial of service via a panic triggered while parsing a crafted ECDHE_PSK ServerKeyExchange message. The issue is fixed in version 3.1.4.
Risk Assessment
An attacker can remotely crash applications using the vulnerable library, causing service disruption and potential financial or operational losses.
Recommendation
Immediately upgrade Pion DTLS to version 3.1.4 or later, which contains the fix for this vulnerability.
Original NVD description (English source)
Pion DTLS is a Go implementation of Datagram Transport Layer Security. Versions prior to 3.1.4 are vulnerable to Remote Denial of Service via panic while parsing a crafted ECDHE_PSK ServerKeyExchange message. This issue has been fixed in version 3.1.4.

