CVE-2026-2625
Vulnerability
rust-rpm-sequoia: rust-rpm-sequoia: Denial of Service via crafted RPM file during signature verification
ecosystem: redhat:9, redhat:10
No description is available for this CVE.
References
- secalert@redhat.com: https://access.redhat.com/security/cve/CVE-2026-2625
- secalert@redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2440357
- secalert@redhat.com: https://nvd.nist.gov/vuln/detail/CVE-2026-2625
- secalert@redhat.com: https://www.cve.org/CVERecord?id=CVE-2026-2625
severity: Moderate
type: vendor
source: secalert@redhat.com
CVSS 3.1: 4 (MEDIUM)
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
| Metric | Value |
|---|---|
| AV | Local |
| AC | Low |
| PR | None |
| UI | None |
| S | Not Changed |
| C | None |
| I | None |
| A | Low |
source: secalert@redhat.com
CWE
CWE-347: Improper Verification of Cryptographic Signature
source: secalert@redhat.com
published: 2026-02-17 12:34:00
modified: 2026-02-18 07:57:05
Detection
redhat:10
CVE-2026-2625
redhat-vex
OR
unfixed: Fix deferred
rpm-sequoia
package type: binary
type: version
unfixed: Fix deferred
rpm-sequoia-devel
package type: binary
type: version
tag: rhel-10:e8d18a0f-5f1b-8140-2128-3082275c99fb
redhat:9
CVE-2026-2625
redhat-vex
OR
unfixed: Fix deferred
rpm-sequoia
package type: binary
type: version
unfixed: Fix deferred
rpm-sequoia-devel
package type: binary
type: version
tag: rhel-9-including-unpatched:d24b0fa1-f832-0be2-45b0-f0d841b31925
Data Sources
- RedHat Enterprise Linux CSAF VEX
redhat-vex