Views:

Technical Analysis by CVE


CVE-2025-68121: Unexpected session resumption in crypto/tls

  • CVSS 10 (Critical / NVD), CVSS 7.4 (High / Ubuntu Security)
  • Based on the analysis by the TrendAI development team, SWP/Deep Security is not affected or impacted by this vulnerability because the product does not use the vulnerable option that can be exploited.
  • For Basecamp, the sensor is also not affected for the same reason above; however, because some elements of the Go library are used in other forms, an upgrade to the library is being deployed in the March release of Basecamp (agent version 202603).

CVE-2026-26014: Pion DTLS uses random nonce generation with AES GCM ciphers risks leaking the authentication key
  • CVSS 5.9 (Medium)
  • Based on the analysis by the TrendAI development team, SWP/Deep Security is not affected or impacted by this vulnerability because the product does not use the vulnerable components that can be exploited.
  • For Basecamp, the sensor is also not affected for the same reason above; however, because some elements of the Go library are used in other forms, an upgrade to the library is planned for the April release of Basecamp.
Keywords: TECHINCAL IMPACT STATEMENT: SWP/Deep Security 20.x (CVE-2025-68121 & CVE-2026-26014)