Vulnerability Description
A flaw was found in gix-date. The `gix_date::parse::TimeBuf::as_str` function can generate strings containing invalid non-UTF8 characters. This issue violates the internal safety invariants of the `TimeBuf` component, leading to undefined behavior when these malformed strings are subsequently processed. This could potentially result in application instability or other unforeseen consequences.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gitoxidelabs | Gix-Date | < 0.12.0 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/security/cve/CVE-2026-0810Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2427057Issue Tracking
- https://crates.io/crates/gix-dateProduct
- https://github.com/GitoxideLabs/gitoxide/issues/2305ExploitIssue Tracking
- https://rustsec.org/advisories/RUSTSEC-2025-0140.htmlThird Party Advisory
- https://github.com/GitoxideLabs/gitoxide/issues/2305ExploitIssue Tracking
FAQ
What is CVE-2026-0810?
CVE-2026-0810 is a vulnerability with a CVSS score of 7.1 (HIGH). A flaw was found in gix-date. The `gix_date::parse::TimeBuf::as_str` function can generate strings containing invalid non-UTF8 characters. This issue violates the internal safety invariants of the `Ti...
How severe is CVE-2026-0810?
CVE-2026-0810 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-0810?
Check the references section above for vendor advisories and patch information. Affected products include: Gitoxidelabs Gix-Date.