GHSA-RC6V-5RMX-W5MV: GHSA-RC6V-5RMX-W5MV: Multi-Vector Cryptographic and State Machine Vulnerabil…

1 / 2

GHSA-RC6V-5RMX-W5MV: GHSA-RC6V-5RMX-W5MV: Multi-Vector Cryptographic and State Machine Vulnerabilities in Arnika

DEV Community·CVE Reports·17 days ago

#luNtoA3A

#releasev101 #security #cve #cybersecurity #arnika #ghsa

Reading 0:00

15s threshold

GHSA-RC6V-5RMX-W5MV: Multi-Vector Cryptographic and State Machine Vulnerabilities in Arnika Vulnerability ID: GHSA-RC6V-5RMX-W5MV CVSS Score: 6.5 Published: 2026-05-15 Arnika versions prior to v1.0.1 contain multiple medium-severity vulnerabilities affecting the UDP key-rotation protocol, Post-Quantum Cryptography (PQC) key file handling, and Key Management System (KMS) TLS configuration. These flaws permit UDP replay attacks causing denial of service, silent security downgrades via empty PQC files, and Man-in-the-Middle (MITM) attacks against the KMS. TL;DR Arnika < v1.0.1 suffers from UDP replay vulnerabilities, insecure PQC key file handling leading to silent cryptographic downgrades, and disabled TLS verification. These issues are resolved in version 1.0.1.…

Continue reading — create a free account

Join HashtagPLUS to read full articles, follow hashtags, vote, and join the conversation.

Create free account Log in

Menu

GHSA-RC6V-5RMX-W5MV: GHSA-RC6V-5RMX-W5MV: Multi-Vector Cryptographic and State Machine Vulnerabilities in Arnika