CVE-2026-2100 - Vulnerability Details - OpenCVE

No description is available for this CVE.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

Project Subscriptions

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://nvd.nist.gov/vuln/detail/CVE-2026-2100
https://www.cve.org/CVERecord?id=CVE-2026-2100

History

Sat, 07 Feb 2026 00:15:00 +0000

Type	Values Removed	Values Added
Description		No description is available for this CVE.
Title		p11-kit: p11-kit: NULL dereference via C_DeriveKey with specific NULL parameters
Weaknesses		CWE-824
References		https://nvd.nist.gov/vuln/detail/CVE-2026-2100 https://www.cve.org/CVERecord?id=CVE-2026-2100
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}` threat_severity `Moderate`

Projects

Sign in to view the affected projects.

MITRE

No data.

Vulnrichment

No data.

NVD

No data.

Redhat

Severity : Moderate

Publid Date: 2026-02-06T08:08:00Z

Links: CVE-2026-2100 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

CWE-824

{"acknowledgement": "This issue was discovered by Zoltan Fridrich (Red Hat).", "bugzilla": {"description": "p11-kit: p11-kit: NULL dereference via C_DeriveKey with specific NULL parameters", "id": "2437308", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437308"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-824", "details": ["No description is available for this CVE."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2026-2100", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "p11-kit", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "p11-kit", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "p11-kit", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "p11-kit", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "p11-kit", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "rhcos", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2026-02-06T08:08:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-2100\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-2100"], "statement": "This MODERATE impact flaw in p11-kit allows a remote attacker to cause an application level denial of service or unpredictable system states. Exploitation occurs when the C_DeriveKey function is called on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This affects Red Hat Enterprise Linux 9.8 and 10.2, Fedora 42 and 43, and Red Hat In-Vehicle OS 2.0. Other Red Hat products, including OpenShift Container Platform and various RHEL versions, are not affected as the vulnerable code is not present.", "threat_severity": "Moderate"}