Vulnerabilities

CVE-2026-24881

by Fred · 27/01/2026

In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT–kem=CMS handling. This can easily be leveraged for denial of service; however, there is also memory corruption that could lead to remote code execution.

More information : https://dev.gnupg.org/T8044

Similar

Tags: Cybersecurity Alert