{"id":"CVE-2026-41990","details":"Libgcrypt before 1.12.2 mishandles Dilithium signing. Writes to a static array lack a bounds check but do not use attacker-controlled data.","modified":"2026-07-15T01:49:22.580300435Z","published":"2026-04-23T04:39:04.524Z","related":["SUSE-SU-2026:22270-1","SUSE-SU-2026:22355-1","openSUSE-SU-2026:21047-1"],"database_specific":{"cwe_ids":["CWE-787"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/41xxx/CVE-2026-41990.json","unresolved_ranges":[{"extracted_events":[{"introduced":"1.12.0"},{"fixed":"1.12.2"}],"source":"AFFECTED_FIELD"},{"extracted_events":[{"introduced":"1.12.0"},{"fixed":"1.12.2"}],"source":"CPE_FIELD"},{"source":"DESCRIPTION","extracted_events":[{"fixed":"1.12.2"}]}],"cna_assigner":"mitre"},"references":[{"type":"WEB","url":"https://dev.gnupg.org/T8208"},{"type":"WEB","url":"https://lists.gnupg.org/pipermail/gnupg-announce/2026q2/000503.html"},{"type":"WEB","url":"https://www.openwall.com/lists/oss-security/2026/04/21/1"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/41xxx/CVE-2026-41990.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41990"}],"affected":[{"ranges":[{"type":"GIT","repo":"git://git.gnupg.org/libgcrypt.git","events":[{"introduced":"efd5e1e7b4e7861b53eafdbf197fd6d4ff6f45e1"},{"fixed":"efc346430901b84f1f580a147191624d7ded0db6"}],"database_specific":{"cpe":"cpe:2.3:a:gnupg:libgcrypt:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"1.12.0"},{"fixed":"1.12.2"}],"source":"CPE_RANGE"}}],"versions":["libgcrypt-1.12.1","libgcrypt-1.12.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-41990.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/gpg/libgcrypt","events":[{"introduced":"efd5e1e7b4e7861b53eafdbf197fd6d4ff6f45e1"},{"fixed":"efc346430901b84f1f580a147191624d7ded0db6"}],"database_specific":{"source":"CPE_RANGE","cpe":"cpe:2.3:a:gnupg:libgcrypt:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"1.12.0"},{"fixed":"1.12.2"}]}}],"versions":["libgcrypt-1.12.1","libgcrypt-1.12.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-41990.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"}]}