VDB
DEBIAN-CVE-2025-26696
DEBIAN-CVE-2025-26696
PUBLISHED
CVSS 7 HIGH
Certain crafted MIME email messages that claimed to contain an encrypted OpenPGP message, which instead contained an OpenPGP signed message, were wrongly shown as being encrypted. This vulnerability was fixed in Thunderbird 136 and Thunderbird 128.8.
Risk Scores
CVSS v3.1
7
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | thunderbird | 128.4.3, 128.4.3, 128.4.3 |
| Debian:13 | thunderbird | 0, 0 |
| Debian:14 | thunderbird | 0, 0 |
| Debian:11 | thunderbird | 102.15.0-1, 102.15.0-1, 102.15.0-1 |
Timeline
- Mar 10, 2025 CVE Published
- Apr 28, 2026 CVE Updated