CVE-2026-42014EPSS p9.4%

CVE-2026-42014CVE-2026-42014

Description

A flaw was found in GnuTLS. The `gnutls_pkcs11_token_set_pin` function, used for changing the Security Officer PIN, can lead to a use-after-free vulnerability. This occurs when an attacker attempts to change the PIN with a NULL old PIN for a token that lacks a protected authentication path.

Scoring

CVSS 6.6 ()
VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
EPSS0.20% probability of exploitation · percentile 9.4% · 2026-06-19T12:03:05Z
Last modified2026-06-16
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.