Description
Pion DTLS is a Go implementation of Datagram Transport Layer Security. Pion DTLS versions v1.0.0 through v3.0.10 and 3.1.0 use random nonce generation with AES GCM ciphers, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonce in a session and a "forbidden attack". Upgrade to v3.0.11, v3.1.1, or later.
Published: 2026-02-11
Score: 5.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Authentication key exposure and data spoofing
Action: Apply patch
AI Analysis

Impact

Pion DTLS uses random nonce generation with AES GCM ciphers; when a nonce is reused, the authentication key can be extracted, letting a remote attacker impersonate a peer and inject forged data. This weakness compromises both confidentiality of the key material and integrity of the communication channel, allowing attackers to spoof packets and potentially bypass application‑level authentication.

Affected Systems

The vulnerability affects pion:dtls versions v1.0.0 through v3.0.10 and v3.1.0. The issue was resolved in releases v3.0.11 and v3.1.1, and in any later version of the library.

Risk and Exploitability

The CVSS base score of 5.9 marks it as moderate severity, while the EPSS score of less than 1% indicates a very low exploitation probability at the time of analysis. The vulnerability is not listed in CISA’s KEV catalog. The implied attack vector is remote network access—an attacker can trigger the flaw by sending crafted DTLS traffic to a vulnerable process. No explicit authentication or privileged access is required, so the potential impact is widespread among systems that use the affected DTLS library.

Generated by OpenCVE AI on April 18, 2026 at 12:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the pion:dtls library to version 3.0.11, 3.1.1, or later according to the official release notes
  • Update the project's go.mod (or other dependency files) to reference the patched library version to ensure builds use the updated nonce logic
  • If DTLS is not required for a particular service, consider disabling or removing it to eliminate the vulnerable code path

Generated by OpenCVE AI on April 18, 2026 at 12:37 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-9f3f-wv7r-qc8r Pion DTLS's usage of random nonce generation with AES GCM ciphers risks leaking the authentication key
History

Fri, 13 Feb 2026 21:45:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:pion:dtls:*:*:*:*:*:*:*:*

Fri, 13 Feb 2026 14:30:00 +0000

Type Values Removed Values Added
Description Pion DTLS is a Go implementation of Datagram Transport Layer Security. Pion DTLS versions v1.0.0 through v3.1.0 use random nonce generation with AES GCM ciphers, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonce in a session and a "forbidden attack". Upgrade to v3.1.0 or later. Pion DTLS is a Go implementation of Datagram Transport Layer Security. Pion DTLS versions v1.0.0 through v3.0.10 and 3.1.0 use random nonce generation with AES GCM ciphers, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonce in a session and a "forbidden attack". Upgrade to v3.0.11, v3.1.1, or later.
References

Thu, 12 Feb 2026 22:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 12 Feb 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-323
References
Metrics threat_severity

None

 threat_severity

Moderate

Thu, 12 Feb 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Pion
Pion dtls
Vendors & Products Pion
Pion dtls

Wed, 11 Feb 2026 21:15:00 +0000

Type Values Removed Values Added
Description Pion DTLS is a Go implementation of Datagram Transport Layer Security. Pion DTLS versions v1.0.0 through v3.1.0 use random nonce generation with AES GCM ciphers, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonce in a session and a "forbidden attack". Upgrade to v3.1.0 or later.
Title Pion DTLS uses random nonce generation with AES GCM ciphers risks leaking the authentication key
Weaknesses CWE-200
References
Metrics cvssV3_1

{'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N'}

Subscriptions

Pion Dtls
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-02-13T14:18:02.707Z

Reserved: 2026-02-09T21:36:29.554Z

Link: CVE-2026-26014

cve-icon Vulnrichment

Updated: 2026-02-12T21:23:24.056Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-11T21:16:21.257

Modified: 2026-02-25T17:40:28.640

Link: CVE-2026-26014

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-02-11T21:07:50Z

Links: CVE-2026-26014 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T12:45:45Z

Weaknesses