{"vulnerability": "GHSA-RC6V-5RMX-W5MV", "sightings": [{"uuid": "07b5ee1d-89e9-4b6e-a05b-a0604dc65553", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "GHSA-RC6V-5RMX-W5MV", "type": "seen", "source": "https://gist.github.com/alon710/7369a43661d2464459ab6b6fcb329366", "content": "# GHSA-RC6V-5RMX-W5MV: Multi-Vector Cryptographic and State Machine Vulnerabilities in Arnika\n\n> **CVSS Score:** 6.5\n> **Published:** 2026-05-15\n> **Full Report:** https://cvereports.com/reports/GHSA-RC6V-5RMX-W5MV\n\n## Summary\nArnika versions prior to v1.0.1 contain multiple medium-severity vulnerabilities affecting the UDP key-rotation protocol, Post-Quantum Cryptography (PQC) key file handling, and Key Management System (KMS) TLS configuration. These flaws permit UDP replay attacks causing denial of service, silent security downgrades via empty PQC key files, and Man-in-the-Middle (MITM) attacks against the KMS connection.\n\n## TL;DR\nArnika < v1.0.1 is affected by UDP replay, insecure PQC key file handling that leads to a silent cryptographic downgrade, and disabled TLS certificate verification towards the KMS. All three issues are resolved in version 1.0.1.\n\n## Technical Details\n\n- **CWE ID**: CWE-295 (Improper Certificate Validation), CWE-294 (Authentication Bypass by Capture-replay), CWE-732 (Incorrect Permission Assignment for Critical Resource)\n- **Attack Vector**: Network / Local\n- **CVSS Score**: 6.5\n- **Impact**: Denial of Service, Security Downgrade, MITM Key Interception\n- **Exploit Status**: None\n- **Fixed Version**: v1.0.1\n\n## Affected Systems\n\n- **arnika** (WireGuard VPN extension): < 1.0.1 (Fixed in: `v1.0.1`)\n\n## Mitigation\n\n- Upgrade to arnika v1.0.1\n- Ensure PQC key files are non-empty and have strict file permissions (0600)\n- Enforce network segmentation for KMS communication\n\n**Remediation Steps:**\n1. Update the arnika deployment to version 1.0.1\n2. Audit the filesystem permissions on all PQC Pre-Shared Key files\n3. Restart the arnika service to apply configuration and binary changes\n4. Verify the TLS configuration to the Key Management System enforces certificate validation\n\n## References\n\n- [GitHub Advisory: GHSA-RC6V-5RMX-W5MV](https://github.com/advisories/GHSA-RC6V-5RMX-W5MV)\n- [Arnika Repository](https://github.com/arnika-project/arnika)\n- [Fix Commit: efbd980d8b636cb59f60f2d6ece1b80a9cf36535](https://github.com/arnika-project/arnika/commit/efbd980d8b636cb59f60f2d6ece1b80a9cf36535)\n- [Release v1.0.1](https://github.com/arnika-project/arnika/releases/tag/v1.0.1)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/GHSA-RC6V-5RMX-W5MV) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-05-15T20:40:29.000000Z"}]}
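The remediation steps in the report above say to audit the PQC pre-shared key files but not how. The following POSIX shell script is an added example, not part of the CVEReports text or of the arnika project: it walks a directory of key files and reports any file that is empty (the condition the advisory ties to the silent cryptographic downgrade) or whose mode is anything other than 0600 (CWE-732). The directory layout, one key file per peer under a single directory, is an assumption; the sample files it creates in demo mode are constructed and contain no real key material. Verifying the KMS TLS configuration (step 4) depends on the deployment's own config format and is not covered here.

```shell
#!/bin/sh
# Added example for remediation step 2 of GHSA-RC6V-5RMX-W5MV: audit arnika
# PQC pre-shared key files. This is not arnika's own tooling; the layout
# (one key file per peer under one directory) is an assumption.
#
# Usage:  sh pqc_key_audit.sh /path/to/pqc/keys
# With no argument it runs against a constructed sample directory.

# audit_pqc_keys DIR
# Prints one line per finding and returns the number of findings
# (0 means every regular file under DIR is non-empty and mode 0600).
audit_pqc_keys() {
    dir=$1
    findings=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # An empty key file is what the advisory ties to the silent downgrade.
        if [ ! -s "$f" ]; then
            echo "EMPTY  $f"
            findings=$((findings + 1))
        fi
        # 'find -perm 600' (no leading - or /) matches the mode exactly,
        # so 0640, 0644 and 0700 are all reported as findings.
        if [ -z "$(find "$f" -perm 600 -print)" ]; then
            echo "PERMS  $f ($(ls -l "$f" | cut -c1-10))"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# make_sample_dir
# Creates a temporary directory with constructed sample files (not real key
# material) and prints its path: one compliant file, one empty file with the
# right mode, one non-empty but world-readable file.
make_sample_dir() {
    d=$(mktemp -d)
    printf 'constructed-sample-psk-bytes\n' > "$d/good.key"
    : > "$d/empty.key"
    printf 'constructed-sample-psk-bytes\n' > "$d/world.key"
    chmod 600 "$d/good.key" "$d/empty.key"
    chmod 644 "$d/world.key"
    echo "$d"
}

# Demo mode: no directory given on the command line.
if [ -z "${1:-}" ]; then
    sample=$(make_sample_dir)
    rc=0
    audit_pqc_keys "$sample" || rc=$?
    echo "findings: $rc"
    rm -rf "$sample"
fi
```

Run it against the real key directory after the upgrade to 1.0.1 and again after any key rotation; a non-zero exit status is the number of files that need attention, which makes it easy to wire into a deployment check.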