Medium severity5.3NVD Advisory· Published Mar 26, 2026· Updated Jun 2, 2026
CVE-2026-2100
CVE-2026-2100
Description
A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application level denial of service or other unpredictable system states.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
11- cpe:2.3:a:p11-kit_project:p11-kit:-:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:hardened_images:-:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
- osv-coords6 versionspkg:rpm/almalinux/p11-kitpkg:rpm/almalinux/p11-kit-clientpkg:rpm/almalinux/p11-kit-develpkg:rpm/almalinux/p11-kit-serverpkg:rpm/almalinux/p11-kit-trustpkg:rpm/opensuse/p11-kit&distro=openSUSE%20Tumbleweed
< 0.26.2-1.el10+ 5 more
- (no CPE)range: < 0.26.2-1.el10
- (no CPE)range: < 0.26.2-1.el10
- (no CPE)range: < 0.26.2-1.el10
- (no CPE)range: < 0.26.2-1.el10
- (no CPE)range: < 0.26.2-1.el10
- (no CPE)range: < 0.26.2-1.1
Patches
Vulnerability mechanics
References
8- github.com/p11-glue/p11-kit/pull/740nvdIssue TrackingPatch
- access.redhat.com/security/cve/CVE-2026-2100nvdVendor Advisory
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingVendor Advisory
- access.redhat.com/errata/RHSA-2026:18143nvd
- access.redhat.com/errata/RHSA-2026:18599nvd
- access.redhat.com/errata/RHSA-2026:21275nvd
- access.redhat.com/errata/RHSA-2026:22634nvd
- access.redhat.com/errata/RHSA-2026:7065nvd
News mentions
0No linked articles in our index yet.