← Back

CVE-2026-42014

nvd nist
Published: Jun 16, 2026Modified: Jul 13, 2026

JSON object

Loading...
6.6
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
Exploitability: 1.8 / Impact: 4.7
Source: secalert@redhat.com (Secondary)

Description

A flaw was found in GnuTLS. The `gnutls_pkcs11_token_set_pin` function, used for changing the Security Officer PIN, can lead to a use-after-free vulnerability. This occurs when an attacker attempts to change the PIN with a NULL old PIN for a token that lacks a protected authentication path.

Timeline

No history available yet.