Medium severity4.0NVD Advisory· Published Apr 23, 2026· Updated Apr 27, 2026
CVE-2026-41990
CVE-2026-41990
Description
Libgcrypt before 1.12.2 mishandles Dilithium signing. Writes to a static array lack a bounds check but do not use attacker-controlled data.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
3- dev.gnupg.org/T8208nvdBroken Link
- lists.gnupg.org/pipermail/gnupg-announce/2026q2/000503.htmlnvdMailing ListRelease Notes
- www.openwall.com/lists/oss-security/2026/04/21/1nvdMailing ListRelease Notes
News mentions
0No linked articles in our index yet.