CVE Catalog
CVE-2026-41989
MediumCVSS 6.7Exploitation Probability (EPSS)
Low risk0.18%
8th percentile - higher than 8% of all known CVEs
Summary
A vulnerability in Libgcrypt before version 1.12.2 allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext passed to gcry_pk_decrypt.
Risk Assessment
An attacker can remotely crash an application using Libgcrypt, leading to service disruption (DoS).
Recommendation
Immediately update Libgcrypt to version 1.12.2 or later.
Original NVD description (English source)
Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.

