CVE-2026-41989

MEDIUM

Gnupg Libgcrypt < 1.10.4 - Buffer Overflow

Description

Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.

Scores

CVSS v3: 6.7
EPSS: 0.0001
EPSS Percentile: 3.4%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial

Details

CWE: CWE-787
Status: published
Products (4)
gnupg/Libgcrypt 1.11.0 - 1.11.3
gnupg/Libgcrypt 1.12.0 - 1.12.2
gnupg/Libgcrypt 1.8.8 - 1.10.4
gnupg/libgcrypt 1.8.8 - 1.10.4
Published: Apr 23, 2026
Tracked Since: Apr 23, 2026