VYPR
Medium severity5.3NVD Advisory· Published Mar 26, 2026· Updated Jun 2, 2026

CVE-2026-2100

CVE-2026-2100

Description

A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application level denial of service or other unpredictable system states.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

11

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.