Skip to main content

GNU Emacs CVE-2026-6861

| EUVDEUVD-2026-24955 MEDIUM
Off-by-one Error (CWE-193)
2026-04-22 secalert@redhat.com GHSA-w658-hxq6-43mx
6.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.1 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
SUSE
MEDIUM
qualitative
Red Hat
6.1 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
High

Lifecycle Timeline

5
Patch released
Apr 29, 2026 - 02:30 nvd
Patch available
Analysis Generated
Apr 22, 2026 - 15:03 vuln.today
EUVD ID Assigned
Apr 22, 2026 - 14:22 euvd
EUVD-2026-24955
Analysis Generated
Apr 22, 2026 - 14:22 vuln.today
CVE Published
Apr 22, 2026 - 14:17 nvd
MEDIUM 6.1

DescriptionCVE.org

A flaw was found in GNU Emacs. This vulnerability, a memory corruption issue, occurs when Emacs processes specially crafted SVG (Scalable Vector Graphics) CSS (Cascading Style Sheets) data. A local user could exploit this by convincing a victim to open a malicious SVG file, which may lead to a denial of service (DoS) or potentially information disclosure.

AnalysisAI

Memory corruption in GNU Emacs SVG/CSS processing allows local attackers to trigger denial of service or information disclosure by convincing users to open specially crafted SVG files. The vulnerability requires user interaction (file opening) and local access, but results in significant impact including service disruption and potential data leakage through memory corruption exploitation.

Technical ContextAI

GNU Emacs contains a memory corruption vulnerability (CWE-193: Off-by-one Error) in its SVG rendering pipeline, specifically within CSS stylesheet parsing for SVG documents. The flaw occurs when Emacs processes specially crafted CSS data embedded in or associated with SVG files. SVG is an XML-based vector graphics format often embedded in documents; Emacs' built-in image display capabilities parse SVG files, including their CSS styling rules. The off-by-one error leads to buffer overflow conditions during CSS attribute processing, allowing attackers to corrupt heap or stack memory. This affects the core librsvg integration or Emacs' own SVG/CSS handling routines.

RemediationAI

Apply vendor-released patch when available from GNU Emacs maintainers or Red Hat security advisory. Users should update Emacs to the fixed version referenced in https://access.redhat.com/security/cve/CVE-2026-6861 and monitor https://bugzilla.redhat.com/show_bug.cgi?id=2459992 for remediation details. As immediate workaround, disable SVG image rendering in Emacs by setting (setq image-types (remove 'svg image-types)) in the Emacs initialization file, or avoid opening untrusted SVG files. This workaround eliminates the attack surface but removes legitimate SVG viewing capability. Users with high trust in document sources may accept the risk of keeping SVG enabled while awaiting patches.

More in Emacs

View all
CVE-2012-0035 CRITICAL
9.3 Jan 19

Untrusted search path vulnerability in EDE in CEDET before 1.0.1, as used in GNU Emacs before 23.4 and other products, a

CVE-2024-39331 CRITICAL
9.8 Jun 23

In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe

CVE-2017-14482 HIGH
8.8 Sep 14

GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted "Content-Type: text/enric

CVE-2024-53920 HIGH
7.8 Nov 27

In elisp-mode.el in GNU Emacs before 30.1, a user who chooses to invoke elisp-completion-at-point (for code completion)

CVE-2024-30202 HIGH
7.8 Mar 25

In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. Rated high severity (CVSS 7.8), t

CVE-2023-2491 HIGH
7.8 May 17

A flaw was found in the Emacs text editor. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

CVE-2023-27986 HIGH
7.8 Mar 09

emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto

CVE-2023-27985 HIGH
7.8 Mar 09

emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto:

CVE-2022-45939 HIGH
7.8 Nov 28

GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file,

CVE-2014-9483 HIGH
7.5 Aug 28

Emacs 24.4 allows remote attackers to bypass security restrictions. Rated high severity (CVSS 7.5), this vulnerability i

CVE-2012-3479 MEDIUM
6.8 Aug 25

lisp/files.el in Emacs 23.2, 23.3, 23.4, and 24.1 automatically executes eval forms in local-variable sections when the

CVE-2024-30205 HIGH
7.1 Mar 25

In Emacs before 29.3, Org mode considers contents of remote files to be trusted. Rated high severity (CVSS 7.1), this vu

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
openSUSE Tumbleweed Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed
SUSE Linux Enterprise Module for Basesystem 15 SP7 Fixed
SUSE Linux Enterprise Module for Desktop Applications 15 SP7 Fixed

Share

CVE-2026-6861 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy