CVE-2026-24881

Vulnerability

GnuPG: GnuPG: Remote code execution and denial of service via crafted CMS EnvelopedData message

ecosystem: redhat:6, redhat:7, redhat:8, redhat:9, redhat:10

A flaw was found in GnuPG. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax (CMS) EnvelopedData message. This message, containing an oversized wrapped session key, can cause a stack-based buffer overflow in the gpg-agent component. Successful exploitation may lead to a denial of service and potentially remote code execution.

References
severity: Important

type: vendor

source: secalert@redhat.com

CVSS 3.1: 8.1 HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AV: Network
AC: High
PR: None
UI: None
S: Not Changed
C: High
I: High
A: High

source: secalert@redhat.com

CWE
CWE-121: Stack-based Buffer Overflow

source: secalert@redhat.com

published: 2026-01-27 18:36:56

modified: 2026-01-28 09:19:39

Detection

redhat:10
CVE-2026-24881

redhat-vex

OR

unfixed: Affected
gnupg2
package type: binary
type: version

unfixed: Affected
gnupg2-smime
package type: binary
type: version

unfixed: Affected
gnupg2
package type: source
type: version

tag: rhel-10:2f2e6eaf-40b2-9178-7687-8c20729a095c

redhat:6
CVE-2026-24881

redhat-vex

OR

unfixed: Will not fix
gnupg2
package type: binary
type: version

unfixed: Will not fix
gnupg2-smime
package type: binary
type: version

unfixed: Will not fix
gnupg2
package type: source
type: version

tag: rhel-6-els:4e5832ca-37f6-ab04-e90c-f44c194c4327

OR

unfixed: Will not fix
gnupg2
package type: binary
type: version

unfixed: Will not fix
gnupg2-smime
package type: binary
type: version

unfixed: Will not fix
gnupg2
package type: source
type: version

tag: rhel-6-extras-including-unpatched:4e5832ca-37f6-ab04-e90c-f44c194c4327

OR

unfixed: Will not fix
gnupg2
package type: binary
type: version

unfixed: Will not fix
gnupg2-smime
package type: binary
type: version

unfixed: Will not fix
gnupg2
package type: source
type: version

tag: rhel-6-including-unpatched:4e5832ca-37f6-ab04-e90c-f44c194c4327

OR

unfixed: Will not fix
gnupg2
package type: binary
type: version

unfixed: Will not fix
gnupg2-smime
package type: binary
type: version

unfixed: Will not fix
gnupg2
package type: source
type: version

tag: rhel-6-supplementary:4e5832ca-37f6-ab04-e90c-f44c194c4327

redhat:7
CVE-2026-24881

redhat-vex

OR

unfixed: Affected
gnupg2
package type: binary
type: version

unfixed: Affected
gnupg2-smime
package type: binary
type: version

unfixed: Affected
gnupg2
package type: source
type: version

tag: rhel-7-extras-including-unpatched:a5d82b87-12e0-d8cf-fe19-bd383075b7a8

OR

unfixed: Affected
gnupg2
package type: binary
type: version

unfixed: Affected
gnupg2-smime
package type: binary
type: version

unfixed: Affected
gnupg2
package type: source
type: version

tag: rhel-7-including-unpatched:a5d82b87-12e0-d8cf-fe19-bd383075b7a8

OR

unfixed: Affected
gnupg2
package type: binary
type: version

unfixed: Affected
gnupg2-smime
package type: binary
type: version

unfixed: Affected
gnupg2
package type: source
type: version

tag: rhel-7-supplementary:a5d82b87-12e0-d8cf-fe19-bd383075b7a8

redhat:8
CVE-2026-24881

redhat-vex

OR

unfixed: Affected
gnupg2
package type: binary
type: version

unfixed: Affected
gnupg2-smime
package type: binary
type: version

unfixed: Affected
gnupg2
package type: source
type: version

tag: rhel-8-including-unpatched:32f71210-26fe-0b66-c6ee-ea579b914049

redhat:9
CVE-2026-24881

redhat-vex

OR

unfixed: Affected
gnupg2
package type: binary
type: version

unfixed: Affected
gnupg2-smime
package type: binary
type: version

unfixed: Affected
gnupg2
package type: source
type: version

tag: rhel-9-including-unpatched:414a5c6b-7229-12e8-4049-8e3b509f8f2a

Data Sources

  • RedHat Enterprise Linux CSAF VEX

    redhat-vex
