GHSA-rc6v-5rmx-w5mv: arnika is affected by medium-severity issues in UDP rotation, PQC handling, and KMS TLS

May 15, 2026 (updated June 9, 2026)

Three medium-severity issues in arnika affecting the UDP key-rotation protocol, PQC key file handling, and KMS TLS client. All require specific preconditions to exploit and do not allow direct code execution or immediate key extraction. A self-contained PoC is attached.

References

github.com/advisories/GHSA-rc6v-5rmx-w5mv
github.com/arnika-project/arnika/commit/efbd980d8b636cb59f60f2d6ece1b80a9cf36535
github.com/arnika-project/arnika/releases/tag/v1.0.1
github.com/arnika-project/arnika/security/advisories/GHSA-rc6v-5rmx-w5mv

Code Behaviors & Features

Detect and mitigate GHSA-rc6v-5rmx-w5mv with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →