What is the CVSS score of CVE-2026-24881?

CVE-2026-24881 has a CVSS 3.1 base score of 8.1 (High). CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.2%.

Which versions of Gnupg are affected by CVE-2026-24881?

A critical vulnerability in GnuPG's S/MIME handling could allow attackers to crash or potentially execute code on systems processing encrypted emails, affecting organizations that rely on GnuPG for…. A patch is available.

Is there a public PoC exploit available for CVE-2026-24881?

Yes, a public proof-of-concept exploit is available for CVE-2026-24881. Prioritise patching immediately. EPSS: 0.2%.

Gnupg CVE-2026-24881

HIGH

Stack-based Buffer Overflow (CWE-121)

2026-01-27 cve@mitre.org

RCE Buffer Overflow Denial Of Service Memory Corruption Stack Overflow Red Hat Gnupg Gpg4win Suse

8.1

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Patch released

Apr 09, 2026 - 20:30 nvd

Patch available

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

PoC Detected

Feb 12, 2026 - 18:15 vuln.today

Public exploit code

CVE Published

Jan 27, 2026 - 19:16 nvd

HIGH 8.1

DescriptionNVD

In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT--kem=CMS handling. This can easily be leveraged for denial of service; however, there is also memory corruption that could lead to remote code execution.

AnalysisAI

GnuPG's gpg-agent fails to properly validate session key sizes in S/MIME messages, allowing remote attackers to trigger a stack buffer overflow via oversized CMS EnvelopedData payloads. Public exploit code exists for this vulnerability, which affects GnuPG versions before 2.5.17 and can be weaponized for denial of service or potentially remote code execution. …

RemediationAI

Within 24 hours: Identify all systems running GnuPG versions before 2.5.17 and assess their exposure to untrusted S/MIME messages; disable S/MIME processing where possible. Within 7 days: Implement network-based controls to restrict S/MIME message sources, monitor gpg-agent processes for crashes, and communicate with users about the risks of processing S/MIME from untrusted sources. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory