CVE-2026-26014: Pion DTLS's usage of random nonce generation with AES GCM ciphers risks leaking the authentication key

February 11, 2026

Pion DTLS versions v1.0.0 through v3.1.0 use random nonce generation with AES GCM ciphers, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonce in a session and a “forbidden attack”.

References

github.com/advisories/GHSA-9f3f-wv7r-qc8r
github.com/pion/dtls
github.com/pion/dtls/commit/61762dee8217991882c5eb79856b9e7a73ee349f
github.com/pion/dtls/pull/796
github.com/pion/dtls/security/advisories/GHSA-9f3f-wv7r-qc8r
nvd.nist.gov/vuln/detail/CVE-2026-26014

Code Behaviors & Features

Detect and mitigate CVE-2026-26014 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →