cve-2026-57062

  1. CVE-2026-57062 GnuPG gpgsm AES-GCM CMS Bug: Low Severity, Big Parsing Lesson

    CVE-2026-57062 is a low-severity GnuPG flaw disclosed in late June 2026 in which gpgsm, the S/MIME component of GnuPG through version 2.5.20, accepts a four-byte AES-GCM integrity-check length in CMS data where twelve bytes are expected. That sounds like the sort of cryptographic footnote most...