{"id":"JLSEC-2026-124","details":"The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.","modified":"2026-04-17T13:15:25.250291Z","published":"2026-04-17T13:07:52.234Z","upstream":["CVE-2021-40528"],"database_specific":{"license":"CC-BY-4.0","sources":[{"imported":"2026-04-17T00:51:47.261Z","database_specific":{"status":"Modified"},"published":"2021-09-06T19:15:07.587Z","html_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-40528","url":"https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2021-40528","id":"CVE-2021-40528","modified":"2025-06-09T16:15:33Z"}]},"references":[{"type":"WEB","url":"https://eprint.iacr.org/2021/923"},{"type":"WEB","url":"https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=commit%3Bh=3462280f2e23e16adf3ed5176e0f2413d8861320"},{"type":"WEB","url":"https://ibm.github.io/system-security-research-updates/2021/07/20/insecurity-elgamal-pt1"},{"type":"WEB","url":"https://ibm.github.io/system-security-research-updates/2021/09/06/insecurity-elgamal-pt2"},{"type":"WEB","url":"https://security.gentoo.org/glsa/202210-13"},{"type":"WEB","url":"https://eprint.iacr.org/2021/923"},{"type":"WEB","url":"https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=commit%3Bh=3462280f2e23e16adf3ed5176e0f2413d8861320"},{"type":"WEB","url":"https://ibm.github.io/system-security-research-updates/2021/07/20/insecurity-elgamal-pt1"},{"type":"WEB","url":"https://ibm.github.io/system-security-research-updates/2021/09/06/insecurity-elgamal-pt2"},{"type":"WEB","url":"https://security.gentoo.org/glsa/202210-13"}],"affected":[{"package":{"name":"Libgcrypt_jll","ecosystem":"Julia","purl":"pkg:julia/Libgcrypt_jll?uuid=d4300ac3-e22c-5743-9152-c294e39db1e4"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.11.0+0"}]}],"database_specific":{"source":"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-124.json"}}],"schema_version":"1.7.5"}