PT-2026-7719 · Pion Dtls · Pion Dtls

Theodorsm · Published 2026-02-11 · Updated 2026-03-03 · CVE-2026-26014

CVSS v3.1: 9.1 Critical (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)

Name of the Vulnerable Software and Affected Versions

Pion DTLS versions 1.0.0 through 3.1.0

Description

Pion DTLS, a Go implementation of Datagram Transport Layer Security, generates the nonce for AES-GCM cipher suites at random. A nonce can therefore repeat within a session, and nonce reuse enables the “forbidden attack”, through which a remote attacker can potentially obtain the authentication key and spoof data.

Recommendations

Upgrade to version 3.1.0 or later. This version includes a fix that uses the 64-bit sequence number to populate the explicit part of the GCM nonce. There is no workaround other than upgrading to version 3.1.0 or later.
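
An added example (not code from Pion or from this advisory): a Go check over one sender's captured DTLS 1.2 AES-GCM records that counts explicit nonces repeated within an epoch and ones that differ from the record header's sequence number. It assumes the 64-bit value is epoch || 48-bit sequence number and that the explicit nonce is the first 8 bytes of the record payload; `seqNonce`, `record` and `auditNonces` are names made up here, and the records are constructed.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"fmt"
)

// seqNonce returns epoch || 48-bit sequence number (header bytes 3..10).
func seqNonce(epoch uint16, seq uint64) (n [8]byte) {
	binary.BigEndian.PutUint64(n[:], uint64(epoch)<<48|seq&0xFFFFFFFFFFFF)
	return n
}

// record builds a constructed record: header, explicit nonce, 17 dummy bytes.
func record(epoch uint16, seq uint64, explicit [8]byte) []byte {
	hs := seqNonce(epoch, seq)
	b := append([]byte{23, 0xFE, 0xFD}, hs[:]...) // type, version, epoch||seq
	b = append(append(b, 0, 25), explicit[:]...)  // length 8+17, then nonce
	return append(b, make([]byte, 17)...)
}

// auditNonces walks concatenated records and counts explicit nonces repeated
// within an epoch (same key) and explicit nonces not equal to epoch||seq.
func auditNonces(s []byte) (reused, nonSeq int, err error) {
	seen := map[string]int{} // key: epoch || explicit nonce
	for len(s) > 0 {
		if len(s) < 13 || len(s) < 13+int(binary.BigEndian.Uint16(s[11:13])) {
			return reused, nonSeq, fmt.Errorf("truncated record")
		}
		n := int(binary.BigEndian.Uint16(s[11:13]))
		if binary.BigEndian.Uint16(s[3:5]) > 0 && n >= 8 { // epoch 0 is plaintext
			k := string(s[3:5]) + string(s[13:21])
			if seen[k]++; seen[k] > 1 {
				reused++
			}
			if !bytes.Equal(s[13:21], s[3:11]) {
				nonSeq++
			}
		}
		s = s[13+n:]
	}
	return reused, nonSeq, nil
}

func main() {
	r := [8]byte{1, 2, 3, 4, 5, 6, 7, 8} // constructed nonce that repeats
	fmt.Println(auditNonces(append(record(1, 0, r), record(1, 1, r)...)))
}
```

A non-zero first count means two records in the same epoch were sealed with the same nonce; a non-zero second count with a zero first count means the sender is not deriving the explicit nonce from the sequence number, which is the pre-fix behaviour described above.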

Exploit

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2026-26014
GHSA-9F3F-WV7R-QC8R
GO-2026-4479
SUSE-SU-2026:0757-1

Affected Products

Pion Dtls