CVE Watchtower


← Back to CVE List

CVE-2026-42014NVD

Vulnerability Summary

A flaw was found in GnuTLS. The `gnutls_pkcs11_token_set_pin` function, used for changing the Security Officer PIN, can lead to a use-after-free vulnerability. This occurs when an attacker attempts to change the PIN with a NULL old PIN for a token that lacks a protected authentication path.
Severity Level
MEDIUM(6.6)
Published Date
Jun 16, 2026
Last Modified
Jun 30, 2026
Exploitation Status
No confirmed exploitation yet
EPSS Score (30-Day)
0.15%Probability
Root Weakness (CWE)
Refer to the official MITRE database for detailed architectural specifications regarding this weakness.
CVSS v3.1 Base Metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityLow
IntegrityLow
AvailabilityHigh