{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2026-41989", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "state": "PUBLISHED", "assignerShortName": "mitre", "dateReserved": "2026-04-23T04:30:25.690Z", "datePublished": "2026-04-23T04:30:26.124Z", "dateUpdated": "2026-04-23T16:22:47.896Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Libgcrypt", "vendor": "gnupg", "versions": [{"lessThan": "1.10.4", "status": "affected", "version": "1.8.8", "versionType": "semver"}, {"lessThan": "1.11.3", "status": "affected", "version": "1.11.0", "versionType": "semver"}, {"lessThan": "1.12.2", "status": "affected", "version": "1.12.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "value": "Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-23T05:10:34.992Z"}, "references": [{"url": "https://lists.gnupg.org/pipermail/gnupg-announce/2026q2/000503.html"}, {"url": "https://dev.gnupg.org/T8211"}, {"url": "https://www.openwall.com/lists/oss-security/2026/04/21/1"}], "x_generator": {"engine": "CVE-Request-form 0.0.1"}, "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:gnupg:libgcrypt:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.8.8", "versionEndExcluding": "1.10.4"}, {"vulnerable": true, "criteria": "cpe:2.3:a:gnupg:libgcrypt:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.11.0", "versionEndExcluding": "1.11.3"}, {"vulnerable": true, "criteria": "cpe:2.3:a:gnupg:libgcrypt:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.12.0", "versionEndExcluding": "1.12.2"}]}]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-23T15:58:58.277481Z", "id": "CVE-2026-41989", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-23T16:22:47.896Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-41989", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-23T15:58:58.277481Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-23T16:08:09.258Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "gnupg", "product": "Libgcrypt", "versions": [{"status": "affected", "version": "1.8.8", "lessThan": "1.10.4", "versionType": "semver"}, {"status": "affected", "version": "1.11.0", "lessThan": "1.11.3", "versionType": "semver"}, {"status": "affected", "version": "1.12.0", "lessThan": "1.12.2", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://lists.gnupg.org/pipermail/gnupg-announce/2026q2/000503.html"}, {"url": "https://dev.gnupg.org/T8211"}, {"url": "https://www.openwall.com/lists/oss-security/2026/04/21/1"}], "x_generator": {"engine": "CVE-Request-form 0.0.1"}, "descriptions": [{"lang": "en", "value": "Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gnupg:libgcrypt:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "1.10.4", "versionStartIncluding": "1.8.8"}, {"criteria": "cpe:2.3:a:gnupg:libgcrypt:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "1.11.3", "versionStartIncluding": "1.11.0"}, {"criteria": "cpe:2.3:a:gnupg:libgcrypt:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "1.12.2", "versionStartIncluding": "1.12.0"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-23T05:10:34.992Z"}}}, "cveMetadata": {"cveId": "CVE-2026-41989", "state": "PUBLISHED", "dateUpdated": "2026-04-23T16:22:47.896Z", "dateReserved": "2026-04-23T04:30:25.690Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-04-23T04:30:26.124Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnupg:libgcrypt:*:*:*:*:*:*:*:*", "matchCriteriaId": "284D6896-05FC-45E8-8D29-653A20433E9E", "versionEndExcluding": "1.10.4", "versionStartIncluding": "1.8.8", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnupg:libgcrypt:*:*:*:*:*:*:*:*", "matchCriteriaId": "D47D4091-14A2-4E49-9FFD-3F6C5017A9AC", "versionEndExcluding": "1.11.3", "versionStartIncluding": "1.11.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnupg:libgcrypt:*:*:*:*:*:*:*:*", "matchCriteriaId": "DD6AEDAC-5EDC-4918-877A-A16792DB52A2", "versionEndExcluding": "1.12.2", "versionStartIncluding": "1.12.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt."}], "id": "CVE-2026-41989", "lastModified": "2026-04-27T18:33:18.157", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.4, "impactScore": 5.2, "source": "cve@mitre.org", "type": "Secondary"}]}, "published": "2026-04-23T05:16:05.750", "references": [{"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "https://dev.gnupg.org/T8211"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2026q2/000503.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.openwall.com/lists/oss-security/2026/04/21/1"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "cve@mitre.org", "type": "Primary"}]}

{"bugzilla": {"description": "Libgcrypt: Libgcrypt: Denial of Service and buffer overflow via crafted ECDH ciphertext", "id": "2461063", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461063"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-131", "details": ["A flaw was found in Libgcrypt. A remote attacker could exploit this vulnerability by sending crafted Elliptic Curve Diffie-Hellman (ECDH) ciphertext to the `gcry_pk_decrypt` function. This can lead to a heap-based buffer overflow, potentially causing a denial of service (DoS) condition."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2026-41989", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "libgcrypt", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Affected", "package_name": "libgcrypt", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "libgcrypt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "libgcrypt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "libgcrypt", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:hummingbird:1", "fix_state": "Affected", "package_name": "libgcrypt", "product_name": "Red Hat Hardened Images"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "rhcos", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2026-04-23T04:30:26Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-41989\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-41989\nhttps://dev.gnupg.org/T8211\nhttps://lists.gnupg.org/pipermail/gnupg-announce/2026q2/000503.html\nhttps://www.openwall.com/lists/oss-security/2026/04/21/1"], "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[1.8.8,1.10.4)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[1.11.0,1.11.3)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[1.12.0,1.12.2)"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "libgcrypt", "vendor": "gnupg"}], "analysis": {"en": {"generated_at": "2026-04-28T07:38:31.825430+00:00", "value": {"mitigation_remediation": ["Update Libgcrypt to version 1.12.2 or later to remove the vulnerable code.", "Apply any vendor\u2011issued security patches that address this overflow.", "If a quick upgrade is not feasible, add application\u2011level input validation to reject ECDH ciphertexts that exceed the expected size range and isolate cryptographic operations in a restricted or sandboxed environment."], "summary": {"action": "Apply Patch", "impact": "Denial of Service and heap\u2011based buffer overflow"}, "threat_synthesis": {"affected_systems": "The flaw exists in all releases of Libgcrypt older than 1.12.2. Any system that incorporates Libgcrypt before that version\u2014such as GnuPG and other cryptographic applications\u2014may be affected unless the library has been upgraded or patched.", "description_and_impact": "A crafted ECDH ciphertext can cause Libgcrypt to overflow a heap buffer during decryption, which may crash the process and deny service. The vulnerability is rooted in improper handling of ciphertext size and memory allocation, as reflected by the CWE identifiers for buffer over\u2011read and overflow.", "risk_and_exploitability": "The CVSS score of 6.7 indicates a medium severity, while the EPSS score of less than 1% suggests that exploitation is currently unlikely. The vulnerability is not listed in CISA\u2019s KEV catalog, reducing the likelihood of widespread attacks. However, the attack vector is inferred to require delivery of a crafted ciphertext to the library, meaning that any application or service that feeds external data into gcry_pk_decrypt is potentially at risk."}}}}, "created": "2026-04-28T06:00:08.467961+00:00", "updated": "2026-04-28T07:45:26.034649+00:00", "vendors": ["gnupg", "gnupg$PRODUCT$libgcrypt"]}