Skip to content

Commit 5686cca

Browse files
authored
Merge pull request #663 from IABTechLab/swi-UID2-7376-p11-kit-cve-2026-2100
UID2-7376: suppress CVE-2026-2100 (p11-kit) — not exploitable
2 parents 270396f + 0ea1edc commit 5686cca

1 file changed

Lines changed: 8 additions & 0 deletions

File tree

.trivyignore

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -30,3 +30,11 @@ CVE-2026-42577 exp:2026-09-11
3030
# See: UID2-7364
3131
CVE-2026-54512 exp:2026-07-25
3232
CVE-2026-54513 exp:2026-07-25
33+
34+
# CVE-2026-2100 — p11-kit NULL dereference via C_DeriveKey in the Alpine base image.
35+
# uid2-admin is a pure Java service; the JVM uses JSSE for TLS and the bundled Java cacerts keystore for trust — it does
36+
# not load the native p11-kit PKCS#11 module loader and never calls C_DeriveKey, so the
37+
# vulnerable code path is not reachable. Fixed in Alpine v3.23 >= 0.26.2-r0 but the pinned
38+
# eclipse-temurin base image has not yet been rebuilt with it.
39+
# See: UID2-7376
40+
CVE-2026-2100 exp:2026-09-01

0 commit comments

Comments
 (0)