What is the CVSS score of CVE-2026-0810?

CVE-2026-0810 has a CVSS 3.1 base score of 7.1 (High). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Gix Date are affected by CVE-2026-0810?

CVE-2026-0810 affects the gix-date library and could allow attackers to exploit string handling vulnerabilities in systems that parse date/time data.. A patch is available.

Is there a public PoC exploit available for CVE-2026-0810?

Yes, a public proof-of-concept exploit is available for CVE-2026-0810. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2026-0810?

Within 24 hours: Identify all systems and applications using gix-date library and assess exposure; document findings and alert relevant teams. Within 7 days: Implement input validation and sanitization controls; restrict date/time parsing to trusted sources only; monitor for exploit attempts. Within 30 days: Engage vendor for patch timeline; evaluate alternative date-parsing libraries; develop and test migration plan if vendor patch remains unavailable.

Gix Date CVE-2026-0810

HIGH

Incorrect Calculation of Multi-Byte String Length (CWE-135)

2026-01-26 secalert@redhat.com

GHSA-6mw6-mj76-grwc

Information Disclosure Gix Date Red Hat

7.1

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

7.1 HIGH

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Red Hat

7.1 MEDIUM

qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

High

Lifecycle Timeline

Patch released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 12, 2026 - 22:00 vuln.today

PoC Detected

Feb 26, 2026 - 16:23 vuln.today

Public exploit code

CVE Published

Jan 26, 2026 - 20:16 nvd

HIGH 7.1

DescriptionCVE.org

A flaw was found in gix-date. The gix_date::parse::TimeBuf::as_str function can generate strings containing invalid non-UTF8 characters. This issue violates the internal safety invariants of the TimeBuf component, leading to undefined behavior when these malformed strings are subsequently processed. This could potentially result in application instability or other unforeseen consequences.

AnalysisAI

The gix-date library's TimeBuf component can produce invalid UTF-8 strings that corrupt its internal safety mechanisms, triggering undefined behavior in downstream processing. This local privilege escalation vulnerability affecting gix-date has public exploit code available and can cause application crashes or unexpected behavior when a local attacker supplies malformed input. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Invoke gix_date::parse::TimeBuf::as_str function

Exploit

Generate string with invalid UTF-8 bytes

Execution

Trigger undefined behavior in string processing

Impact

Cause application crash or data corruption