CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-54908

unknowncovered by 2 sourcesfirst seen 2026-07-01
Pion DTLS is a Go implementation of Datagram Transport Layer Security. Versions prior to 3.1.4 are vulnerable to Remote Denial of Service via panic while parsing a crafted ECDHE_PSK ServerKeyExchange message. This issue has been fixed in version 3.1.4.

CSIRTS triage

What
A denial of service vulnerability exists due to panic while parsing a crafted ECDHE_PSK ServerKeyExchange message.
Who is affected
Deployments of Pion DTLS.
Urgency
Remediation urgency is unknown as the severity is not rated and exploitation status is unclear.
Action
Monitor for updates from Pion regarding this vulnerability.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch CVE-2026-54908

Get an email if CVE-2026-54908 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (2)

External references

NVD record for CVE-2026-54908

CVE.org record

Embed the live status

CVE-2026-54908 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-54908 status](https://www.csirts.com/badge/CVE-2026-54908)](https://www.csirts.com/cve/CVE-2026-54908)