CVE-2026-0810 HIGH

CVE-2026-0810: gix-date: undefined behavior due to invalid string generation

Vendor Gitoxidelabs
Product gitoxide
Weakness CWE-135
Published January 26, 2026
Last update April 20, 2026

CVSS base score 7.1/10

Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity High
Availability High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

What the vulnerability does

01 Description

A flaw was found in gix-date. The `gix_date::parse::TimeBuf::as_str` function can generate strings containing invalid non-UTF8 characters. This issue violates the internal safety invariants of the `TimeBuf` component, leading to undefined behavior when these malformed strings are subsequently processed. This could potentially result in application instability or other unforeseen consequences.

Key dates

02 Disclosure timeline

January 26, 2026 CVE published
April 20, 2026 Record updated