CVE-2026-23991 — Vulnetix

Try Vulnetix Request Demo

CVE-2026-23991 PUBLISHED CVSS 5.900000095367432 MEDIUM

go-tuf affected by client DoS via malformed server response

EPSS 0.02% · 6.2th percentile

Risk Scores

CVSS v3.1

5.900000095367432

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score

0.02%

6.2th percentile

Affected Products

Vendor	Product	Versions
theupdateframework	go-tuf	2.0.0, >= 2.0.0, < 2.3.1, 2.0.0
github.com	theupdateframework/go-tuf/v2	0, 0, 0

Timeline

Jan 21, 2026 CVE Published
Jan 22, 2026 EPSS Score
Jan 22, 2026 PoC Published
Jan 22, 2026 CVE Updated
Jan 24, 2026 EPSS Score
Jan 24, 2026 PoC Published
Jan 24, 2026 PoC Published
Jan 24, 2026 PoC Published
Jan 24, 2026 PoC Published
Jan 24, 2026 PoC Published
Jan 26, 2026 EPSS Score
Jan 28, 2026 EPSS Score

References

Open in Interactive Console →