Vulnerability-Lookup

WID-SEC-W-2026-1267

Vulnerability from csaf_certbund - Published: 2026-04-26 22:00 - Updated: 2026-05-04 22:00

Summary

Red Hat Hardened Images RPMs: Mehrere Schwachstellen

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Red Hat Enterprise Linux (RHEL) ist eine populäre Linux-Distribution.

Angriff: Ein Angreifer kann mehrere Schwachstellen in Red Hat Hardened Images RPMs ausnutzen, um Sicherheitsvorkehrungen zu umgehen, Rechte zu erweitern, vertrauliche Informationen offenzulegen, Daten zu manipulieren oder einen Denial-of-Service-Zustand zu verursachen.

Betroffene Betriebssysteme: - Linux - Sonstiges - UNIX

CVE-2025-69277

Affected products

Known affected 5 products

Product	Identifier	Version
Red Hat Enterprise Linux Hardened Images RPMs Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:hardened_images_rpms`	Hardened Images RPMs
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-2100

Affected products

Known affected 5 products

Product	Identifier	Version
Red Hat Enterprise Linux Hardened Images RPMs Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:hardened_images_rpms`	Hardened Images RPMs
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-41989

Affected products

Known affected 5 products

Product	Identifier	Version
Red Hat Enterprise Linux Hardened Images RPMs Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:hardened_images_rpms`	Hardened Images RPMs
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-4878

Affected products

Known affected 5 products

Product	Identifier	Version
Red Hat Enterprise Linux Hardened Images RPMs Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:hardened_images_rpms`	Hardened Images RPMs
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

References

14 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://access.redhat.com/errata/RHSA-2026:7065	external
https://access.redhat.com/errata/RHSA-2026:7369	external
https://access.redhat.com/errata/RHSA-2026:7473	external
https://access.redhat.com/errata/RHSA-2026:8466	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://bodhi.fedoraproject.org/updates/FEDORA-20…	external
https://bodhi.fedoraproject.org/updates/FEDORA-20…	external
https://access.redhat.com/errata/RHSA-2026:13285	external
http://linux.oracle.com/errata/ELSA-2026-12441.html	external
https://access.redhat.com/errata/RHSA-2026:12423	external
https://access.redhat.com/errata/RHSA-2026:12441	external
http://linux.oracle.com/errata/ELSA-2026-12423.html	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Red Hat Enterprise Linux (RHEL) ist eine popul\u00e4re Linux-Distribution.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Red Hat Hardened Images RPMs ausnutzen, um Sicherheitsvorkehrungen zu umgehen, Rechte zu erweitern, vertrauliche Informationen offenzulegen, Daten zu manipulieren oder einen Denial-of-Service-Zustand zu verursachen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- Sonstiges\n- UNIX",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-1267 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1267.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-1267 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1267"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:7065 vom 2026-04-26",
        "url": "https://access.redhat.com/errata/RHSA-2026:7065"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:7369 vom 2026-04-26",
        "url": "https://access.redhat.com/errata/RHSA-2026:7369"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:7473 vom 2026-04-26",
        "url": "https://access.redhat.com/errata/RHSA-2026:7473"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:8466 vom 2026-04-26",
        "url": "https://access.redhat.com/errata/RHSA-2026:8466"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:21274-1 vom 2026-04-24",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025632.html"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2026-8409145C11 vom 2026-04-27",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-8409145c11"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2026-9A79C58AFD vom 2026-04-27",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-9a79c58afd"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:13285 vom 2026-05-04",
        "url": "https://access.redhat.com/errata/RHSA-2026:13285"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2026-12441 vom 2026-05-01",
        "url": "http://linux.oracle.com/errata/ELSA-2026-12441.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:12423 vom 2026-04-30",
        "url": "https://access.redhat.com/errata/RHSA-2026:12423"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:12441 vom 2026-04-30",
        "url": "https://access.redhat.com/errata/RHSA-2026:12441"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2026-12423 vom 2026-05-04",
        "url": "http://linux.oracle.com/errata/ELSA-2026-12423.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Red Hat Hardened Images RPMs: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-05-04T22:00:00.000+00:00",
      "generator": {
        "date": "2026-05-05T08:27:24.090+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2026-1267",
      "initial_release_date": "2026-04-26T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-04-26T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2026-05-03T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
        },
        {
          "date": "2026-05-04T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Fedora Linux",
            "product": {
              "name": "Fedora Linux",
              "product_id": "74185",
              "product_identification_helper": {
                "cpe": "cpe:/o:fedoraproject:fedora:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Fedora"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux",
                "product": {
                  "name": "Red Hat Enterprise Linux",
                  "product_id": "67646",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:-"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Hardened Images RPMs",
                "product": {
                  "name": "Red Hat Enterprise Linux Hardened Images RPMs",
                  "product_id": "T053320",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:hardened_images_rpms"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Enterprise Linux"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-69277",
      "product_status": {
        "known_affected": [
          "T053320",
          "T002207",
          "67646",
          "T004914",
          "74185"
        ]
      },
      "release_date": "2026-04-26T22:00:00.000+00:00",
      "title": "CVE-2025-69277"
    },
    {
      "cve": "CVE-2026-2100",
      "product_status": {
        "known_affected": [
          "T053320",
          "T002207",
          "67646",
          "T004914",
          "74185"
        ]
      },
      "release_date": "2026-04-26T22:00:00.000+00:00",
      "title": "CVE-2026-2100"
    },
    {
      "cve": "CVE-2026-41989",
      "product_status": {
        "known_affected": [
          "T053320",
          "T002207",
          "67646",
          "T004914",
          "74185"
        ]
      },
      "release_date": "2026-04-26T22:00:00.000+00:00",
      "title": "CVE-2026-41989"
    },
    {
      "cve": "CVE-2026-4878",
      "product_status": {
        "known_affected": [
          "T053320",
          "T002207",
          "67646",
          "T004914",
          "74185"
        ]
      },
      "release_date": "2026-04-26T22:00:00.000+00:00",
      "title": "CVE-2026-4878"
    }
  ]
}

CVE-2025-69277 (GCVE-0-2025-69277)

Vulnerability from cvelistv5 – Published: 2025-12-31 05:50 – Updated: 2026-01-07 17:06

Summary

libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group.

Severity ?

4.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

CWE

CWE-184 - Incomplete List of Disallowed Inputs

Assigner

mitre

References

7 references

URL	Tags
https://github.com/jedisct1/libsodium/commit/ad30…
https://00f.net/2025/12/30/libsodium-vulnerability/
https://news.ycombinator.com/item?id=46435614
https://ianix.com/pub/ed25519-deployment.html
https://github.com/pyca/pynacl/issues/920
https://github.com/pyca/pynacl/commit/ecf41f55a3d…
https://github.com/pyca/pynacl/commit/96314884d88…

Impacted products

1 product

Vendor	Product	Version
libsodium	libsodium	Affected: 0 , < ad3004ec8731730e93fcfbbc824e67eadc1c1bae (git)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-69277",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-02T15:59:09.134600Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-02T17:38:32.240Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2026-01-07T17:06:43.302Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2026/01/msg00004.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "libsodium",
          "vendor": "libsodium",
          "versions": [
            {
              "lessThan": "ad3004ec8731730e93fcfbbc824e67eadc1c1bae",
              "status": "affected",
              "version": "0",
              "versionType": "git"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren\u0027t in the main cryptographic group."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-184",
              "description": "CWE-184 Incomplete List of Disallowed Inputs",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-06T16:38:46.029Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/jedisct1/libsodium/commit/ad3004ec8731730e93fcfbbc824e67eadc1c1bae"
        },
        {
          "url": "https://00f.net/2025/12/30/libsodium-vulnerability/"
        },
        {
          "url": "https://news.ycombinator.com/item?id=46435614"
        },
        {
          "url": "https://ianix.com/pub/ed25519-deployment.html"
        },
        {
          "url": "https://github.com/pyca/pynacl/issues/920"
        },
        {
          "url": "https://github.com/pyca/pynacl/commit/ecf41f55a3d8f1e10ce89c61c4b4d67f3f4467cf"
        },
        {
          "url": "https://github.com/pyca/pynacl/commit/96314884d88d1089ff5f336dba61d7abbcddbbf7"
        }
      ],
      "x_generator": {
        "engine": "CVE-Request-form 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2025-69277",
    "datePublished": "2025-12-31T05:50:07.422Z",
    "dateReserved": "2025-12-31T05:50:07.155Z",
    "dateUpdated": "2026-01-07T17:06:43.302Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-4878 (GCVE-0-2026-4878)

Vulnerability from cvelistv5 – Published: 2026-04-09 14:49 – Updated: 2026-05-07 21:33

Title

Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()

Summary

A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation.

Severity ?

6.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

CWE

CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition

Assigner

redhat

References

9 references

URL	Tags
https://access.redhat.com/errata/RHSA-2026:12423	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:12441	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:13285	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:14162	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:14937	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:7473	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2026-4878	vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2447554
https://bugzilla.redhat.com/show_bug.cgi?id=2451615	issue-trackingx_refsource_REDHAT

Impacted products

15 products

Vendor	Product	Version
Red Hat	Red Hat Enterprise Linux 10	Unaffected: 0:2.69-7.el10_1.1 , < * (rpm) cpe:/o:redhat:enterprise_linux:10.1
Red Hat	Red Hat Enterprise Linux 8	Unaffected: 0:2.48-6.el8_10.1 , < * (rpm) cpe:/o:redhat:enterprise_linux:8::baseos
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:2.48-10.el9_7.1 , < * (rpm) cpe:/a:redhat:enterprise_linux:9::appstream cpe:/o:redhat:enterprise_linux:9::baseos
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:2.48-10.el9_7.1 , < * (rpm) cpe:/a:redhat:enterprise_linux:9::appstream cpe:/o:redhat:enterprise_linux:9::baseos
Red Hat	Red Hat Discovery 2	Unaffected: 1778101579 , < * (rpm) cpe:/a:redhat:discovery:2::el9
Red Hat	Red Hat Discovery 2	Unaffected: 1778156756 , < * (rpm) cpe:/a:redhat:discovery:2::el9
Red Hat	Red Hat Hardened Images	Unaffected: 2.78-1.1.hum1 , < * (rpm) cpe:/a:redhat:hummingbird:1
Red Hat	Red Hat OpenShift distributed tracing 3.9.3	Unaffected: 1778056267 , < * (rpm) cpe:/a:redhat:openshift_distributed_tracing:3.9::el9
Red Hat	Red Hat OpenShift distributed tracing 3.9.3	Unaffected: 1778056233 , < * (rpm) cpe:/a:redhat:openshift_distributed_tracing:3.9::el9
Red Hat	Red Hat OpenShift distributed tracing 3.9.3	Unaffected: 1778056245 , < * (rpm) cpe:/a:redhat:openshift_distributed_tracing:3.9::el9
Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6
Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7
Red Hat	Red Hat OpenShift Container Platform 4	cpe:/a:redhat:openshift:4

Date Public ?

2026-04-06 00:00

Credits

Red Hat would like to thank Ali Raza for reporting this issue.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2026-04-09T15:36:22.355Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/04/07/4"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/04/07/14"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/04/08/9"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/04/09/5"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/04/09/6"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-4878",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-09T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-10T03:56:06.647Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10.1"
          ],
          "defaultStatus": "affected",
          "packageName": "libcap",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.69-7.el10_1.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libcap",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.48-6.el8_10.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream",
            "cpe:/o:redhat:enterprise_linux:9::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libcap",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.48-10.el9_7.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream",
            "cpe:/o:redhat:enterprise_linux:9::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libcap",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.48-10.el9_7.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:discovery:2::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "discovery/discovery-server-rhel9",
          "product": "Red Hat Discovery 2",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1778101579",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:discovery:2::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "discovery/discovery-ui-rhel9",
          "product": "Red Hat Discovery 2",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1778156756",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:hummingbird:1"
          ],
          "defaultStatus": "affected",
          "packageName": "libcap-main",
          "product": "Red Hat Hardened Images",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "2.78-1.1.hum1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_distributed_tracing:3.9::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhosdt/opentelemetry-collector-rhel9",
          "product": "Red Hat OpenShift distributed tracing 3.9.3",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1778056267",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_distributed_tracing:3.9::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhosdt/opentelemetry-rhel9-operator",
          "product": "Red Hat OpenShift distributed tracing 3.9.3",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1778056233",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_distributed_tracing:3.9::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhosdt/opentelemetry-target-allocator-rhel9",
          "product": "Red Hat OpenShift distributed tracing 3.9.3",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1778056245",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "compat-libcap1",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "libcap",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "compat-libcap1",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "libcap",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Ali Raza for reporting this issue."
        }
      ],
      "datePublic": "2026-04-06T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Important"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-367",
              "description": "Time-of-check Time-of-use (TOCTOU) Race Condition",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-07T21:33:20.039Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2026:12423",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:12423"
        },
        {
          "name": "RHSA-2026:12441",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:12441"
        },
        {
          "name": "RHSA-2026:13285",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:13285"
        },
        {
          "name": "RHSA-2026:14162",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:14162"
        },
        {
          "name": "RHSA-2026:14937",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:14937"
        },
        {
          "name": "RHSA-2026:7473",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:7473"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2026-4878"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447554"
        },
        {
          "name": "RHBZ#2451615",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451615"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-03-26T06:56:21.213Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2026-04-06T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2026-4878",
    "datePublished": "2026-04-09T14:49:02.942Z",
    "dateReserved": "2026-03-26T06:32:41.308Z",
    "dateUpdated": "2026-05-07T21:33:20.039Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-2100 (GCVE-0-2026-2100)

Vulnerability from cvelistv5 – Published: 2026-03-26 20:01 – Updated: 2026-05-19 09:06

Title

P11-kit: null dereference via c_derivekey with specific null parameters

Summary

A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application level denial of service or other unpredictable system states.

Severity ?

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE

CWE-824 - Access of Uninitialized Pointer

Assigner

redhat

References

5 references

URL	Tags
https://access.redhat.com/errata/RHSA-2026:18143	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:7065	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2026-2100	vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2437308	issue-trackingx_refsource_REDHAT
https://github.com/p11-glue/p11-kit/pull/740

Impacted products

7 products

Vendor	Product	Version
Red Hat	Red Hat Enterprise Linux 10	Unaffected: 0:0.26.2-1.el10 , < * (rpm) cpe:/o:redhat:enterprise_linux:10.2
Red Hat	Red Hat Hardened Images	Unaffected: 0.26.2-1.1.hum1 , < * (rpm) cpe:/a:redhat:hummingbird:1
Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7
Red Hat	Red Hat Enterprise Linux 8	cpe:/o:redhat:enterprise_linux:8
Red Hat	Red Hat Enterprise Linux 9	cpe:/o:redhat:enterprise_linux:9
Red Hat	Red Hat OpenShift Container Platform 4	cpe:/a:redhat:openshift:4

Date Public ?

2026-02-06 08:08

Credits

This issue was discovered by Zoltan Fridrich (Red Hat).

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-2100",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-26T20:30:34.453809Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-26T20:30:53.390Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10.2"
          ],
          "defaultStatus": "affected",
          "packageName": "p11-kit",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.26.2-1.el10",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:hummingbird:1"
          ],
          "defaultStatus": "affected",
          "packageName": "p11-kit-main",
          "product": "Red Hat Hardened Images",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0.26.2-1.1.hum1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unaffected",
          "packageName": "p11-kit",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unaffected",
          "packageName": "p11-kit",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "p11-kit",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "affected",
          "packageName": "p11-kit",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "unaffected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This issue was discovered by Zoltan Fridrich (Red Hat)."
        }
      ],
      "datePublic": "2026-02-06T08:08:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application level denial of service or other unpredictable system states."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-824",
              "description": "Access of Uninitialized Pointer",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-19T09:06:54.871Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2026:18143",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:18143"
        },
        {
          "name": "RHSA-2026:7065",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:7065"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2026-2100"
        },
        {
          "name": "RHBZ#2437308",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437308"
        },
        {
          "url": "https://github.com/p11-glue/p11-kit/pull/740"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-02-06T12:02:49.002Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2026-02-06T08:08:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "P11-kit: null dereference via c_derivekey with specific null parameters",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-824: Access of Uninitialized Pointer"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2026-2100",
    "datePublished": "2026-03-26T20:01:46.174Z",
    "dateReserved": "2026-02-06T12:05:50.501Z",
    "dateUpdated": "2026-05-19T09:06:54.871Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-41989 (GCVE-0-2026-41989)

Vulnerability from cvelistv5 – Published: 2026-04-23 04:30 – Updated: 2026-04-23 16:22

Summary

Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.

Severity ?

6.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

CWE

CWE-787 - Out-of-bounds Write

Assigner

mitre

References

3 references

URL	Tags
https://lists.gnupg.org/pipermail/gnupg-announce/…
https://dev.gnupg.org/T8211
https://www.openwall.com/lists/oss-security/2026/…

Impacted products

1 product

Vendor	Product	Version
gnupg	Libgcrypt	Affected: 1.8.8 , < 1.10.4 (semver) Affected: 1.11.0 , < 1.11.3 (semver) Affected: 1.12.0 , < 1.12.2 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-41989",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-23T15:58:58.277481Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-23T16:22:47.896Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Libgcrypt",
          "vendor": "gnupg",
          "versions": [
            {
              "lessThan": "1.10.4",
              "status": "affected",
              "version": "1.8.8",
              "versionType": "semver"
            },
            {
              "lessThan": "1.11.3",
              "status": "affected",
              "version": "1.11.0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.12.2",
              "status": "affected",
              "version": "1.12.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:gnupg:libgcrypt:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.10.4",
                  "versionStartIncluding": "1.8.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:gnupg:libgcrypt:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.11.3",
                  "versionStartIncluding": "1.11.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:gnupg:libgcrypt:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.12.2",
                  "versionStartIncluding": "1.12.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787 Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-23T05:10:34.992Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2026q2/000503.html"
        },
        {
          "url": "https://dev.gnupg.org/T8211"
        },
        {
          "url": "https://www.openwall.com/lists/oss-security/2026/04/21/1"
        }
      ],
      "x_generator": {
        "engine": "CVE-Request-form 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2026-41989",
    "datePublished": "2026-04-23T04:30:26.124Z",
    "dateReserved": "2026-04-23T04:30:25.690Z",
    "dateUpdated": "2026-04-23T16:22:47.896Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2026-1267

CVE-2025-69277 (GCVE-0-2025-69277)

CVE-2026-4878 (GCVE-0-2026-4878)

CVE-2026-2100 (GCVE-0-2026-2100)

CVE-2026-41989 (GCVE-0-2026-41989)

Tags

Sightings

Nomenclature