{"id":"CVE-2026-41990","details":"Libgcrypt before 1.12.2 mishandles Dilithium signing. Writes to a static array lack a bounds check but do not use attacker-controlled data.","modified":"2026-05-28T04:11:55.851856585Z","published":"2026-04-23T04:39:04.524Z","database_specific":{"cna_assigner":"mitre","cwe_ids":["CWE-787"],"unresolved_ranges":[{"extracted_events":[{"introduced":"1.12.0"},{"fixed":"1.12.2"}],"source":"AFFECTED_FIELD"},{"extracted_events":[{"introduced":"1.12.0"},{"fixed":"1.12.2"}],"source":"CPE_FIELD"},{"extracted_events":[{"fixed":"1.12.2"}],"source":"DESCRIPTION"}],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/41xxx/CVE-2026-41990.json"},"references":[{"type":"WEB","url":"https://dev.gnupg.org/T8208"},{"type":"WEB","url":"https://lists.gnupg.org/pipermail/gnupg-announce/2026q2/000503.html"},{"type":"WEB","url":"https://www.openwall.com/lists/oss-security/2026/04/21/1"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/41xxx/CVE-2026-41990.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41990"}],"affected":[{"ranges":[{"type":"GIT","repo":"git://git.gnupg.org/libgcrypt.git","events":[{"introduced":"efd5e1e7b4e7861b53eafdbf197fd6d4ff6f45e1"},{"fixed":"efc346430901b84f1f580a147191624d7ded0db6"}],"database_specific":{"extracted_events":[{"introduced":"1.12.0"},{"fixed":"1.12.2"}],"source":"CPE_RANGE","cpe":"cpe:2.3:a:gnupg:libgcrypt:*:*:*:*:*:*:*:*"}}],"versions":["libgcrypt-1.12.1","libgcrypt-1.12.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-41990.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/gpg/libgcrypt","events":[{"introduced":"efd5e1e7b4e7861b53eafdbf197fd6d4ff6f45e1"},{"fixed":"efc346430901b84f1f580a147191624d7ded0db6"}],"database_specific":{"cpe":"cpe:2.3:a:gnupg:libgcrypt:*:*:*:*:*:*:*:*","source":"CPE_RANGE","extracted_events":[{"introduced":"1.12.0"},{"fixed":"1.12.2"}]}}],"versions":["libgcrypt-1.12.1","libgcrypt-1.12.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-41990.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"}]}