CVE-2026-2625

| EUVD-2026-18815 MEDIUM
2026-04-03 redhat GHSA-4pr8-8cvj-qg4h GHSA-5mvg-hq8x-4fhj GHSA-63pv-7q5h-42xq GHSA-6q5j-vm4q-pg2w GHSA-8h65-hm9c-rm83 GHSA-hj36-wjv6-r2jg
4.0
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low

Lifecycle Timeline

3
EUVD ID Assigned
Apr 03, 2026 - 19:00 euvd
EUVD-2026-18815
Analysis Generated
Apr 03, 2026 - 19:00 vuln.today
CVE Published
Apr 03, 2026 - 18:38 nvd
MEDIUM 4.0

Tags

Denial Of Service Redhat Jwt Attack

Description

A flaw was found in rust-rpm-sequoia. An attacker can exploit this vulnerability by providing a specially crafted Red Hat Package Manager (RPM) file. During the RPM signature verification process, this crafted file can trigger an error in the OpenPGP signature parsing code, leading to an unconditional termination of the rpm process. This issue results in an application level denial of service, making the system unable to process RPM files for signature verification.

Analysis

Denial of service in rust-rpm-sequoia allows local attackers to crash RPM signature verification by submitting specially crafted RPM files that trigger unhandled errors in OpenPGP parsing, preventing legitimate package management operations. CVSS 4.0 (low severity), local attack vector, non-authenticating. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

20
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +20
POC: 0

Vendor Status

Share

CVE-2026-2625 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy