CVE Catalog

CVE-2026-54908

MediumCVSS 6.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.32%

24th percentile — higher than 24% of all known CVEs

Summary

Pion DTLS library versions prior to 3.1.4 are vulnerable to remote denial of service via a panic triggered while parsing a crafted ECDHE_PSK ServerKeyExchange message. The issue is fixed in version 3.1.4.

Risk Assessment

An attacker can remotely crash applications using the vulnerable library, causing service disruption and potential financial or operational losses.

Recommendation

Immediately upgrade Pion DTLS to version 3.1.4 or later, which contains the fix for this vulnerability.

Original NVD description (English source)

Pion DTLS is a Go implementation of Datagram Transport Layer Security. Versions prior to 3.1.4 are vulnerable to Remote Denial of Service via panic while parsing a crafted ECDHE_PSK ServerKeyExchange message. This issue has been fixed in version 3.1.4.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS