Severity by source
AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
CMS messages are delivered over network channels such as email (AV:N); crafting a valid malformed ICV requires expertise (AC:H); a user must trigger gpgsm processing (UI:R); no confidentiality impact is supported by the description.
Primary rating from Vendor (mitre).
CVSS Vector (Vendor: mitre)
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Description (CVE.org)
CMS (Cryptographic Message Syntax) parsing in gpgsm in GnuPG through 2.5.20 mishandles the CMS format for AES-GCM because aes-ICVlen is supposed to be 12 bytes but 4 bytes is accepted. NOTE: this is related to CVE-2026-34182.
Analysis (AI)
GnuPG's gpgsm component through version 2.5.20 improperly validates AES-GCM authentication tag length during CMS parsing, accepting a 4-byte ICV where the cryptographic standard mandates 12 bytes. This validation failure means gpgsm will process CMS-formatted messages with a truncated integrity check value, undermining the authentication guarantee that AES-GCM is specifically designed to provide. …
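The length check the description says is missing, sketched as an added example (this is not GnuPG's code, and not code from this page). It assumes the DER-encoded GCMParameters structure from RFC 5084, where aes-ICVlen is restricted to 12 through 16 and defaults to 12 when absent; the function names and sample bytes are constructed for illustration.

```python
# Added example: validate aes-ICVlen in DER-encoded GCMParameters (RFC 5084).
# GCMParameters ::= SEQUENCE { aes-nonce  OCTET STRING,
#                              aes-ICVlen INTEGER (12..16) DEFAULT 12 }
ALLOWED_ICVLEN = range(12, 17)

def _read_tlv(buf, pos):
    """Return (tag, value, next_pos) for one definite-length DER element."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER value overruns buffer")
    return tag, buf[pos:pos + length], pos + length

def gcm_icvlen(params_der):
    """Parse GCMParameters and return a validated ICV length in bytes."""
    tag, seq, end = _read_tlv(params_der, 0)
    if tag != 0x30 or end != len(params_der):
        raise ValueError("GCMParameters must be a single SEQUENCE")
    tag, nonce, pos = _read_tlv(seq, 0)
    if tag != 0x04 or not nonce:
        raise ValueError("aes-nonce must be a non-empty OCTET STRING")
    if pos == len(seq):
        return 12                          # DEFAULT applies when the field is absent
    tag, raw, pos = _read_tlv(seq, pos)
    if tag != 0x02 or not raw or pos != len(seq):
        raise ValueError("aes-ICVlen must be the final INTEGER")
    icvlen = int.from_bytes(raw, "big", signed=True)
    if icvlen not in ALLOWED_ICVLEN:       # rejects the 4-byte case described above
        raise ValueError(f"aes-ICVlen {icvlen} outside 12..16")
    return icvlen

# Constructed sample inputs (12-byte all-zero nonce), not taken from real messages.
NONCE = bytes([0x04, 0x0C]) + bytes(12)
SAMPLE_DEFAULT = bytes([0x30, 0x0E]) + NONCE
SAMPLE_16 = bytes([0x30, 0x11]) + NONCE + bytes([0x02, 0x01, 0x10])
SAMPLE_4 = bytes([0x30, 0x11]) + NONCE + bytes([0x02, 0x01, 0x04])
```

A caller would run this before decryption and treat the ValueError as a hard failure, so a message declaring a short ICV is never handed to the AEAD layer.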
Vulnerability Assessment (AI)
| Exploitation | Exploitation requires that the target runs GnuPG through 2.5.20 and uses the gpgsm component to process externally-supplied CMS-formatted data containing AES-GCM encryption. … |
| Risk Assessment | The CVSS 3.1 base score of 2.9 (Low) with vector AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N places this at the lowest practical threat tier. … |
| Exploit Scenario | An attacker crafts a malicious CMS-formatted message containing AES-GCM ciphertext with a deliberately shortened 4-byte ICV field rather than the required 12 bytes, then delivers it to a target who processes it with gpgsm (for example, via an S/MIME email). The parser accepts the truncated ICV without raising a validation error, potentially allowing forged or attacker-modified ciphertext to pass AES-GCM integrity verification undetected. … |
| Remediation | The primary remediation is to upgrade GnuPG to a version released after 2.5.20 that addresses this ICV length validation flaw; consult the official GnuPG download page at https://www.gnupg.org/download/ for the latest release, as no specific patched version number was confirmed in the available intelligence data. … |
Remote code execution and denial of service in GnuPG before 2.5.17 stem from a stack-based buffer overflow in gpg-agent
Stack-based buffer overflow in GnuPG's tpm2daemon (versions before 2.5.17) allows a local attacker to corrupt the daemon
In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid bac
In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to
EUVD-2026-38550
GHSA-m6x2-4hhh-669j