Moderate severityNVD Advisory· Published Feb 11, 2026· Updated Feb 13, 2026
Pion DTLS uses random nonce generation with AES GCM ciphers risks leaking the authentication key
CVE-2026-26014
Description
Pion DTLS is a Go implementation of Datagram Transport Layer Security. Pion DTLS versions v1.0.0 through v3.0.10 and 3.1.0 use random nonce generation with AES GCM ciphers, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonce in a session and a "forbidden attack". Upgrade to v3.0.11, v3.1.1, or later.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/pion/dtls/v3Go | >= 3.1.0, < 3.1.1 | 3.1.1 |
github.com/pion/dtls/v2Go | <= 2.2.12 | — |
github.com/pion/dtlsGo | <= 1.5.4 | — |
github.com/pion/dtls/v3Go | < 3.0.11 | 3.0.11 |
Affected products
42- osv-coords41 versionspkg:apk/chainguard/frppkg:apk/chainguard/ipfs-clusterpkg:apk/chainguard/ipfs-cluster-fipspkg:apk/chainguard/k3spkg:apk/chainguard/k3s-1.33pkg:apk/chainguard/k3s-1.35pkg:apk/chainguard/k3s-staticpkg:apk/chainguard/k3s-static-1.33pkg:apk/chainguard/k3s-static-1.35pkg:apk/chainguard/kubopkg:apk/chainguard/kubo-fipspkg:apk/chainguard/livekit-clipkg:apk/chainguard/livekit-egresspkg:apk/chainguard/livekit-serverpkg:apk/chainguard/livekit-server-fipspkg:apk/chainguard/rke2-runtime-1.31pkg:apk/chainguard/rke2-runtime-1.32pkg:apk/chainguard/rke2-runtime-1.33pkg:apk/chainguard/rke2-runtime-1.34pkg:apk/chainguard/rke2-runtime-1.35pkg:apk/chainguard/rke2-runtime-fips-1.33pkg:apk/chainguard/rke2-runtime-fips-1.34pkg:apk/chainguard/rke2-runtime-fips-1.35pkg:apk/chainguard/spegelpkg:apk/chainguard/spegel-fipspkg:apk/chainguard/telegraf-1.37pkg:apk/wolfi/frppkg:apk/wolfi/ipfs-clusterpkg:apk/wolfi/k3spkg:apk/wolfi/k3s-1.33pkg:apk/wolfi/k3s-1.35pkg:apk/wolfi/k3s-staticpkg:apk/wolfi/k3s-static-1.33pkg:apk/wolfi/k3s-static-1.35pkg:apk/wolfi/kubopkg:apk/wolfi/spegelpkg:apk/wolfi/telegraf-1.37pkg:golang/github.com/pion/dtlspkg:golang/github.com/pion/dtls/v2pkg:golang/github.com/pion/dtls/v3pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Leap%2015.6
< 0.68.1-r0+ 40 more
- (no CPE)range: < 0.68.1-r0
- (no CPE)range: < 1.1.6-r0
- (no CPE)range: < 1.1.5-r8
- (no CPE)range: < 1.36.1.1-r0
- (no CPE)range: < 1.33.10.1-r5
- (no CPE)range: < 1.35.5.1-r0
- (no CPE)range: < 1.36.1.1-r0
- (no CPE)range: < 1.33.10.1-r5
- (no CPE)range: < 1.35.5.1-r0
- (no CPE)range: < 0.41.0-r0
- (no CPE)range: < 0.40.1-r7
- (no CPE)range: < 2.13.2-r3
- (no CPE)range: < 1.12.0-r5
- (no CPE)range: < 1.9.11-r4
- (no CPE)range: < 1.9.11-r5
- (no CPE)range: < 1.31.14.2.2-r0
- (no CPE)range: < 1.32.13.2.1-r0
- (no CPE)range: < 1.33.12.2.1-r0
- (no CPE)range: < 1.34.6.2.3-r0
- (no CPE)range: < 1.35.3.2.2-r0
- (no CPE)range: < 1.33.12.2.1-r0
- (no CPE)range: < 1.34.8.2.1-r0
- (no CPE)range: < 1.35.5.2.1-r0
- (no CPE)range: < 0.7.0-r0
- (no CPE)range: < 0.6.0-r8
- (no CPE)range: < 1.37.3-r0
- (no CPE)range: < 0.68.1-r0
- (no CPE)range: < 1.1.6-r0
- (no CPE)range: < 1.36.1.1-r0
- (no CPE)range: < 1.33.10.1-r5
- (no CPE)range: < 1.35.5.1-r0
- (no CPE)range: < 1.36.1.1-r0
- (no CPE)range: < 1.33.10.1-r5
- (no CPE)range: < 1.35.5.1-r0
- (no CPE)range: < 0.41.0-r0
- (no CPE)range: < 0.7.0-r0
- (no CPE)range: < 1.37.3-r0
- (no CPE)range: <= 1.5.4
- (no CPE)range: <= 2.2.12
- (no CPE)range: >= 3.1.0, < 3.1.1
- (no CPE)range: < 0.0.20260226T182644-150000.1.149.1
Patches
Vulnerability mechanics
References
8- github.com/advisories/GHSA-9f3f-wv7r-qc8rghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-26014ghsaADVISORY
- github.com/pion/dtls/commit/61762dee8217991882c5eb79856b9e7a73ee349fghsax_refsource_MISCWEB
- github.com/pion/dtls/commit/90e241cfec2985715efdd3d005972847462a67d6ghsax_refsource_MISCWEB
- github.com/pion/dtls/pull/796ghsax_refsource_MISCWEB
- github.com/pion/dtls/releases/tag/v3.0.11ghsax_refsource_MISCWEB
- github.com/pion/dtls/releases/tag/v3.1.1ghsax_refsource_MISCWEB
- github.com/pion/dtls/security/advisories/GHSA-9f3f-wv7r-qc8rghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.