PT-2026-34641 · Libgcrypt+2

Published: 2026-04-23 · Updated: 2026-05-27 · CVE-2026-41990

CVSS v3.1: 4.0 (Medium)

Vector: AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
Name of the Vulnerable Software and Affected Versions: Libgcrypt versions prior to 1.12.2
Description: Libgcrypt mishandles Dilithium signing. Specifically, writes to a static array lack a bounds check, although these writes do not use attacker-controlled data.
Recommendations: Update to version 1.12.2.

Fix

Memory Corruption

Weakness Enumeration

Related Identifiers

CVE-2026-41990
JLSEC-2026-497
RHSA-2026:8466
USN-8319-1

Affected Products

Libgcrypt
Linuxmint
Ubuntu