CVE-2026-57062 is a low-severity GnuPG flaw disclosed in late June 2026 in which gpgsm, the S/MIME component of GnuPG through version 2.5.20, accepts a four-byte AES-GCM integrity-check length in CMS data where twelve bytes are expected. That sounds like the sort of cryptographic footnote most...