Skip to content

Commit e610b24

Browse files
authored
Merge pull request #420 from IABTechLab/swi-UID2-7376-p11-kit-cve-2026-2100
UID2-7376: suppress CVE-2026-2100 (p11-kit) — not exploitable
2 parents 65ffdc6 + dfd25d0 commit e610b24

1 file changed

Lines changed: 8 additions & 0 deletions

File tree

.trivyignore

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -22,3 +22,11 @@ CVE-2026-42577 exp:2026-09-11
2222
# See: UID2-7364
2323
CVE-2026-54512 exp:2026-07-25
2424
CVE-2026-54513 exp:2026-07-25
25+
26+
# CVE-2026-2100 — p11-kit NULL dereference via C_DeriveKey in the Alpine base image.
27+
# uid2-core is a pure Java service; the JVM uses JSSE for TLS and the bundled Java cacerts keystore for trust — it does
28+
# not load the native p11-kit PKCS#11 module loader and never calls C_DeriveKey, so the
29+
# vulnerable code path is not reachable. Fixed in Alpine v3.23 >= 0.26.2-r0 but the pinned
30+
# eclipse-temurin base image has not yet been rebuilt with it.
31+
# See: UID2-7376
32+
CVE-2026-2100 exp:2026-09-01

0 commit comments

Comments
 (0)