CVE-2026-0810
Description
A flaw was found in gix-date. The `gix_date::parse::TimeBuf::as_str` function can generate strings containing invalid non-UTF8 characters. This issue violates the internal safety invariants of the `TimeBuf` component, leading to undefined behavior when these malformed strings are subsequently processed. This could potentially result in application instability or other unforeseen consequences.
Mitigations
No mitigations published for this CVE yet.
OS impact
Debian: affected in 3 releases
| Version | Status | Fixed in |
|---|---|---|
| trixie | Affected | - |
| sid | Affected | - |
| forky | Affected | - |
References
- https://github.com/GitoxideLabs/gitoxide/issues/2305
- https://nvd.nist.gov/vuln/detail/CVE-2026-0810
- https://github.com/GitoxideLabs/gitoxide/pull/2306
- https://github.com/GitoxideLabs/gitoxide/commit/76376ef5e97c63e108db0c9fe2eb096f4bfe70f7
- https://access.redhat.com/security/cve/CVE-2026-0810
- https://bugzilla.redhat.com/show_bug.cgi?id=2427057
- https://github.com/GitoxideLabs/gitoxide
- https://rustsec.org/advisories/RUSTSEC-2025-0140.html
- https://crates.io/crates/gix-date
- https://security-tracker.debian.org/tracker/CVE-2026-0810