Vulnerabilities ›

CVE-2026-0810

High ⚡ Exploit Available

CWE-135 — Weakness Type

                    Published: Jan 26, 2026                      ·  Modified: Feb 28, 2026                      ·  Source: NVD                

CVSS v3

7.1

🔗 NVD Official

📄 Description (English)

A flaw was found in gix-date. The `gix_date::parse::TimeBuf::as_str` function can generate strings containing invalid non-UTF8 characters. This issue violates the internal safety invariants of the `TimeBuf` component, leading to undefined behavior when these malformed strings are subsequently processed. This could potentially result in application instability or other unforeseen consequences.

🤖 AI Executive Summary

CVE-2026-0810 is a vulnerability in gix-date where the TimeBuf::as_str function generates invalid non-UTF8 strings, violating safety invariants and causing undefined behavior. This flaw can lead to application instability and unpredictable consequences when malformed strings are processed.

📄 Description (Arabic)

ثغرة في مكتبة gix-date حيث تقوم دالة TimeBuf::as_str بإنشاء سلاسل نصية تحتوي على أحرف غير صحيحة من حيث ترميز UTF-8. هذا ينتهك الضمانات الأمنية الداخلية للمكون ويؤدي إلى سلوك غير محدد عند معالجة هذه السلاسل المشوهة. قد يسبب عدم استقرار التطبيق أو عواقب غير متوقعة.

🤖 ملخص تنفيذي (AI)

A vulnerability exists in gix-date's TimeBuf::as_str function that produces invalid non-UTF8 character strings, breaking internal safety guarantees. Processing these malformed strings results in undefined behavior potentially causing application crashes or unexpected system behavior.

🤖 AI Intelligence Analysis Analyzed: May 10, 2026 06:19

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: medium

🏢 Affected Saudi Sectors

banking telecom government healthcare

🎯 MITRE ATT&CK Techniques

T1190 T1499

⚖️ Saudi Risk Score (AI)

7.0

/ 10.0

🔧 Remediation Steps (English)

Update gix-date to the latest patched version immediately. Review and validate all date parsing operations in production systems. Implement input validation and error handling for date processing functions. Monitor applications for crashes or unexpected behavior related to date handling.

🔧 خطوات المعالجة (العربية)

قم بتحديث مكتبة gix-date إلى أحدث إصدار معدل فوراً. راجع وتحقق من جميع عمليات تحليل التاريخ في الأنظمة الإنتاجية. طبق التحقق من صحة المدخلات ومعالجة الأخطاء لوظائف معالجة التاريخ. راقب التطبيقات للكشف عن أعطال أو سلوك غير متوقع المتعلق بمعالجة التاريخ.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

A.12.6.1 A.14.2.1

🔵 SAMA CSF

CC6.1 CC6.2

🟡 ISO 27001:2022

A.12.6.1 A.14.2.1 A.14.2.5

🔗 References & Sources 6

🔗

https://access.redhat.com/security/cve/CVE-2026-0810

secalert@redhat.com

Third Party Advisory

🔗

https://bugzilla.redhat.com/show_bug.cgi?id=2427057

secalert@redhat.com

Issue Tracking

🔗

https://crates.io/crates/gix-date

secalert@redhat.com

Product

🔗

https://github.com/GitoxideLabs/gitoxide/issues/2305

secalert@redhat.com

Exploit Issue Tracking

🔗

https://rustsec.org/advisories/RUSTSEC-2025-0140.html

secalert@redhat.com

Third Party Advisory

🔗

https://github.com/GitoxideLabs/gitoxide/issues/2305

134c704f-9b21-4f2e-91b3-4a467353bcc0

Exploit Issue Tracking

📦 Affected Products / CPE 1 entries

gitoxidelabs:gix-date

📊 CVSS Score

7.1

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Attack VectorL — Low / Local

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityN — None / Network

IntegrityH — High

AvailabilityH — High

📋 Quick Facts

Severity High

CVSS Score7.1

CWECWE-135

EPSS0.01%

Exploit ✓ Yes

Patch ✓ Yes

Published 2026-01-26

Source Feed nvd

🇸🇦 Saudi Risk Score

7.0

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

exploit-available CWE-135

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2026-0810

💬 Comments

Introduce Yourself

Sign In Required