CVE-2026-13757

A flaw was found in p11-kit. The RPC message attribute parsing functions p11 rpc message get attribute() and p11 rpc message get attribute array value() form a mutually-recursive call chain with no recursion depth limit when processing nested CKA WRAP TEMPLATE, CKA UNWRAP TEMPLATE, and CKA DERIVE TEMPLATE attributes. An unauthenticated attacker with local access to the p11-kit RPC Unix domain socket can send a specially crafted request with deeply nested template attributes, causing stack exhaustion and crashing the p11-kit server process and its dependent services.