CVE-2026-24881

Summary

In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT–kem=CMS handling. This can easily be leveraged for denial of service; however, there is also memory corruption that could lead to remote code execution.

Affected Software

VendorProductVersion RangeStatus
GnuPGGnuPG2.5.13 < 2.5.17affected

Weaknesses

  • CWE-121: CWE-121 Stack-based Buffer Overflow

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

GnuPG: GnuPG: Remote code execution and denial of service via crafted CMS EnvelopedData message

Additional References

References