CVE-2026-13757
Last modified
CVE-2026-13757 is a medium-severity vulnerability rated 6.2/10 on the CVSS scale. A flaw was found in p11-kit. The RPC message attribute parsing functions p11_rpc_message_get_attribute() and p11_rpc_message_get_attribute_array_value() form a mutually-recursive call chain with no recursion depth limit when processing nested CKA_WRAP_TEMPLATE, CKA_UNWRAP_TEMPLATE, and CKA_DERIVE_TEMPLATE attributes. EPSS estimates a 0.13% chance of exploitation in the next 30 days.
Description
A flaw was found in p11-kit. The RPC message attribute parsing functions p11_rpc_message_get_attribute() and p11_rpc_message_get_attribute_array_value() form a mutually-recursive call chain with no recursion depth limit when processing nested CKA_WRAP_TEMPLATE, CKA_UNWRAP_TEMPLATE, and CKA_DERIVE_TEMPLATE attributes. An unauthenticated attacker with local access to the p11-kit RPC Unix domain socket can send a specially crafted request with deeply nested template attributes, causing stack exhaustion and crashing the p11-kit server process and its dependent services.
Metrics
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Hardened Images | All versions |
| Redhat | Openshift Container Platform | >= 4.0, <= 4.22.1 |
| Redhat | Enterprise Linux | 6.0 |
| Redhat | Enterprise Linux | 7.0 |
| Redhat | Enterprise Linux | 8.0 |
| Redhat | Enterprise Linux | 9.0 |
| Redhat | Enterprise Linux | 10.0 |
| P11-Kit Project | P11-Kit | All versions |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2026-13757?
How severe is CVE-2026-13757?
How do I fix CVE-2026-13757?
Related CVEs from 2026
- CVE-2026-1375The Tutor LMS – eLearning and online course solution plugin …8.1
- CVE-2026-13750Insertion of sensitive information into log files in Snowfla…5.5
- CVE-2026-13751Improper handling of untrusted remote references in Snowflak…9.6
- CVE-2026-13752Improper neutralization of parameters in Snowflake CLI versi…8
- CVE-2026-13753A missing authorization vulnerability exists in the embedded…7.5
- CVE-2026-13756The WP Grid Builder plugin for WordPress is vulnerable to Pr…8.8
- CVE-2026-13758CryptX versions before 0.088_001 for Perl compare AEAD authe…3.7
- CVE-2026-13759IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 ships th…8.8
- CVE-2026-1376IBM i 7.6 could allow a remote attacker to cause a denial of…7.5
- CVE-2026-13760OS command injection in the NodejsFunction Docker bundling p…7.3
- CVE-2026-13762Inconsistent interpretation of HTTP/2 requests in Amazon Clo…9.8
- CVE-2026-13763Inconsistent interpretation of HTTP/2 requests in AWS Applic…9.8
Are you affected by CVE-2026-13757?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST
