CVE-2026-41990

Libgcrypt before 1.12.2 mishandles Dilithium signing. Writes to a static array lack a bounds check but do not use attacker-controlled data.

medium 4.0 CVSS 3.1
Published: Apr 23, 2026
Modified: Apr 24, 2026

Description

Libgcrypt before 1.12.2 mishandles Dilithium signing. Writes to a static array lack a bounds check but do not use attacker-controlled data.

References