CVE-2026-41990

· NIST NVD ↗

Libgcrypt before 1.12.2 mishandles Dilithium signing. Writes to a static array lack a bounds check but do not use attacker-controlled data.

MEDIUM
CVSS severity
4
CVSS base score
2026-04-23
Published

CWE codes

CWE-787

Affected products

gnupg:libgcrypt

Sources