What is the CVSS score of CVE-2026-2625?

CVE-2026-2625 has a CVSS 3.1 base score of 4.0 (Medium). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L. EPSS exploitation probability: 0.0%.

Jwt Attack CVE-2026-2625

EUVD-2026-18815 MEDIUM

Improper Verification of Cryptographic Signature (CWE-347)

2026-04-03 redhat

GHSA-4pr8-8cvj-qg4h

GHSA-5mvg-hq8x-4fhj

GHSA-63pv-7q5h-42xq

GHSA-6q5j-vm4q-pg2w

GHSA-8h65-hm9c-rm83

GHSA-hj36-wjv6-r2jg

Denial Of Service Red Hat Jwt Attack

4.0

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Lifecycle Timeline

EUVD ID Assigned

Apr 03, 2026 - 19:00 euvd

EUVD-2026-18815

Analysis Generated

Apr 03, 2026 - 19:00 vuln.today

CVE Published

Apr 03, 2026 - 18:38 nvd

MEDIUM 4.0

DescriptionNVD

A flaw was found in rust-rpm-sequoia. An attacker can exploit this vulnerability by providing a specially crafted Red Hat Package Manager (RPM) file. During the RPM signature verification process, this crafted file can trigger an error in the OpenPGP signature parsing code, leading to an unconditional termination of the rpm process. This issue results in an application level denial of service, making the system unable to process RPM files for signature verification.

AnalysisAI

Denial of service in rust-rpm-sequoia allows local attackers to crash RPM signature verification by submitting specially crafted RPM files that trigger unhandled errors in OpenPGP parsing, preventing legitimate package management operations. CVSS 4.0 (low severity), local attack vector, non-authenticating. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory