Home > Vulnerability Database > CVE-2026-0810

Mend.io Vulnerability Database

CVE-2026-0810

Good to know:

Date: January 26, 2026

A flaw was found in gix-date. The "gix_date::parse::TimeBuf::as_str" function can generate strings containing invalid non-UTF8 characters. This issue violates the internal safety invariants of the "TimeBuf" component, leading to undefined behavior when these malformed strings are subsequently processed. This could potentially result in application instability or other unforeseen consequences.

Severity Score

6.8

Related Resources (10)

Url: https://github.com/GitoxideLabs/gitoxide

Url: https://access.redhat.com/security/cve/CVE-2026-0810

Url: https://nvd.nist.gov/vuln/detail/CVE-2026-0810

Url: https://github.com/GitoxideLabs/gitoxide/commit/76376ef5e97c63e108db0c9fe2eb096f4bfe70f7

Url: https://github.com/GitoxideLabs/gitoxide/issues/2305

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2427057

Url: https://crates.io/crates/gix-date

Url: https://rustsec.org/advisories/RUSTSEC-2025-0140.html

Url: https://github.com/GitoxideLabs/gitoxide/pull/2306

Url: https://www.mend.io/vulnerability-database/CVE-2026-0810

Severity Score

6.8

Weakness Type (CWE)

Out-of-bounds Write

CWE-787

Incorrect Calculation of Multi-Byte String Length

CWE-135

Top Fix

Upgrade Version

Upgrade to version gix-date - 0.12.0;gix-date - 0.12.0;https://github.com/GitoxideLabs/gitoxide.git - gix-date-v0.12.0

Learn More

CVSS v3.1

Base Score:	6.8
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2026-0810

Good to know:

Date: January 26, 2026

Severity Score

Related Resources (10)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?