Impact
The vulnerability occurs in GnuTLS’s PIN management routine. When an attacker calls gnutls_pkcs11_token_set_pin to change the Security Officer PIN with a NULL old PIN on a token that lacks a protected authentication path, a use‑after‑free is triggered. This results in memory corruption and is identified as CWE‑825.
Affected Systems
Red Hat Enterprise Linux versions 10, 6, 7, 8, 9, including Red Hat Hardened Images, as well as Red Hat OpenShift Container Platform 4. All affected systems ship the vulnerable GnuTLS package; the advisory RHSA‑2026:20611–13 applies to these distributions, but specific package versions are not listed in the CVE data.
Risk and Exploitability
The CVSS score of 6.6 indicates moderate severity, while an EPSS score of less than 1% suggests the likelihood of exploitation is low. The vulnerability is not listed in the CISA KEV catalog. Exploitation would likely require local or privileged access to a PKCS#11 token and the ability to call the PIN‑change function; it is not an obvious remote attack vector.
OpenCVE Enrichment
Debian DLA
Debian DSA
Ubuntu USN