CVE-2026-2625 — Vulnetix

CVE-2026-2625 PUBLISHED CVSS 4 MEDIUM

A flaw was found in rust-rpm-sequoia. An attacker can exploit this vulnerability by providing a specially crafted Red Hat Package Manager (RPM) file. During the RPM signature verification process, this crafted file can trigger an error in the OpenPGP signature parsing code, leading to an unconditional termination of the rpm process. This issue results in an application level denial of service, making the system unable to process RPM files for signature verification.

EPSS 0.01% · 0.5th percentile

Risk Scores

CVSS v3.1

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

EPSS Score

0.01%

0.5th percentile

Affected Products

Vendor	Product	Versions
Red Hat	Red Hat Enterprise Linux 10
Red Hat	Red Hat Enterprise Linux 9
Red Hat	Red Hat Hardened Images 1

Timeline

Feb 17, 2026 CVE Published
Apr 3, 2026 PoC Published
Apr 4, 2026 Security Advisory
May 2, 2026 Distribution Patch
May 2, 2026 Security Advisory
May 18, 2026 EPSS Score
May 19, 2026 EPSS Score
May 20, 2026 EPSS Score
May 21, 2026 EPSS Score
May 22, 2026 EPSS Score
May 23, 2026 EPSS Score
May 24, 2026 EPSS Score

References

https://access.redhat.com/security/cve/CVE-2026-2625 vdb
RHBZ#2440357 issue
https://nvd.nist.gov/vuln/detail/CVE-2026-2625 advisory

Open in Interactive Console →