CVE-2026-24881
HIGHCVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
4Tags
Description
In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT--kem=CMS handling. This can easily be leveraged for denial of service; however, there is also memory corruption that could lead to remote code execution.
Analysis
GnuPG's gpg-agent fails to properly validate session key sizes in S/MIME messages, allowing remote attackers to trigger a stack buffer overflow via oversized CMS EnvelopedData payloads. Public exploit code exists for this vulnerability, which affects GnuPG versions before 2.5.17 and can be weaponized for denial of service or potentially remote code execution. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all systems running GnuPG versions before 2.5.17 and assess their exposure to untrusted S/MIME messages; disable S/MIME processing where possible. Within 7 days: Implement network-based controls to restrict S/MIME message sources, monitor gpg-agent processes for crashes, and communicate with users about the risks of processing S/MIME from untrusted sources. …
Sign in for detailed remediation steps.
Priority Score
Vendor Status
Share
External POC / Exploit Code
Leaving vuln.today