Cyber Resilience

CVE-2026-24882

Severity: High · Public PoC referenced · Updated

Published: 27 January 2026
Modified: 30 June 2026
KEV Added: not listed (not in the CISA KEV catalog at time of writing)
Patch: available; upgrade to GnuPG 2.5.17 or later
CVSS v3.1 base score: 8.4 (High) · CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS score: 0.0039 (30.6th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-24882 is a high-severity stack-based buffer overflow (CWE-121) in GnuPG (CPE vendor/product gnupg:gnupg). Its CVSS v3.1 base score is 8.4 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). EPSS ranks the vulnerability at the 30.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-24882 is a stack-based buffer overflow vulnerability, classified under CWE-121, affecting GnuPG versions before 2.5.17. The flaw resides in the tpm2daemon component during processing of the PKDECRYPT command for TPM-backed RSA and ECC keys. Published on 2026-01-27, it carries a CVSS v3.1 base score of 8.4.

A local attacker needs no privileges (PR:N), faces low attack complexity (AC:L) and requires no user interaction (UI:N). The vector is local (AV:L) with unchanged scope (S:U), and the impact on confidentiality, integrity and availability is rated high (C:H/I:H/A:H): a successful overflow can yield arbitrary code execution in the tpm2daemon process, and a failed one crashes the daemon.

Advisories recommend upgrading to GnuPG 2.5.17 or later to mitigate the issue. Additional details are available in the GnuPG development ticket at https://dev.gnupg.org/T8045 and the OSS-Security mailing list post at https://www.openwall.com/lists/oss-security/2026/01/27/8.
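The check a practitioner wants from this advisory is whether an installed GnuPG falls below the fixed version and whether the TPM daemon is even present. The script below is an added example written for this page; it is not code from the advisory or from the GnuPG project. It assumes the fix threshold 2.5.17 stated above, that the first line of `gpg --version` reads "gpg (GnuPG) X.Y.Z", and that `gpgconf --list-components` names the TPM daemon component "tpm2d" (both output formats are assumptions, and the sample outputs are constructed).

```shell
#!/bin/sh
# Added example, not part of the advisory or of GnuPG: classify a GnuPG
# install against CVE-2026-24882 from the text that `gpg --version` and
# `gpgconf --list-components` print. Assumptions: the fix threshold is 2.5.17
# (per the advisory), the first line of `gpg --version` reads
# "gpg (GnuPG) X.Y.Z", and gpgconf lists the TPM daemon as a "tpm2d" component.

FIXED_VERSION="2.5.17"

# version_lt A B: succeed (exit 0) when dotted version A is strictly below B.
# Components are compared numerically, so 2.5.9 sorts before 2.5.17.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1   # equal versions are not "less than"
    }'
}

# gnupg_version OUTPUT: extract X.Y.Z from the first line of `gpg --version`.
gnupg_version() {
    printf '%s\n' "$1" | awk 'NR == 1 && $1 == "gpg" { print $NF; exit }'
}

# has_tpm2d OUTPUT: succeed when `gpgconf --list-components` (assumed format
# name:description:path) shows the TPM daemon. Without tpm2daemon installed
# the vulnerable code path is absent from the host.
has_tpm2d() {
    printf '%s\n' "$1" | awk -F: '$1 == "tpm2d" { found = 1 } END { exit !found }'
}

# cve_2026_24882_status VERSION_OUTPUT: print affected / fixed / unknown and
# return 1 / 0 / 2 so the function can drive fleet scripts directly.
cve_2026_24882_status() {
    v=$(gnupg_version "$1")
    if [ -z "$v" ]; then
        echo unknown; return 2
    fi
    if version_lt "$v" "$FIXED_VERSION"; then
        echo affected; return 1
    fi
    echo fixed; return 0
}

# Constructed sample outputs (not captured from a real host).
SAMPLE_OLD='gpg (GnuPG) 2.5.13
libgcrypt 1.11.0
Copyright (C) 2024 g10 Code GmbH'
SAMPLE_FIXED='gpg (GnuPG) 2.5.17
libgcrypt 1.11.0
Copyright (C) 2024 g10 Code GmbH'
SAMPLE_COMPONENTS='gpg:OpenPGP:/usr/bin/gpg
gpg-agent:Private Keys:/usr/bin/gpg-agent
scdaemon:Smartcards:/usr/libexec/scdaemon
tpm2d:TPM:/usr/libexec/tpm2daemon
dirmngr:Network:/usr/bin/dirmngr'

# Demo on the constructed samples. On a real host use
#   cve_2026_24882_status "$(gpg --version)" and has_tpm2d "$(gpgconf --list-components)".
cve_2026_24882_status "$SAMPLE_OLD" || :       # affected
cve_2026_24882_status "$SAMPLE_FIXED" || :     # fixed
has_tpm2d "$SAMPLE_COMPONENTS" && echo "tpm2d component present"
```

The version comparison is numeric per component rather than a string comparison, which matters here because 2.5.9 must sort below 2.5.17. Gpg4win bundles its own GnuPG, so on Windows run the same check against the `gpg.exe` that Gpg4win ships rather than trusting the Gpg4win version alone.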


Vulnerability details

In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and ECC keys.

CWE(s)

CWE-121 Stack-based Buffer Overflow

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-generated mapping)

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

A stack-based buffer overflow in the local tpm2daemon component that an unprivileged local attacker can trigger with no user interaction, yielding arbitrary code execution (or a crash), maps directly to exploitation for privilege escalation. The privileges actually gained are those of the account under which tpm2daemon runs.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-24881 (same product: GnuPG)
CVE-2025-70083 (shared CWE-121)
CVE-2026-32708 (shared CWE-121)
CVE-2026-44858 (shared CWE-121)
CVE-2026-39461 (shared CWE-121)
CVE-2024-10239 (shared CWE-121)
CVE-2026-43958 (shared CWE-121)
CVE-2026-44857 (shared CWE-121)
CVE-2025-24928 (shared CWE-121)
CVE-2026-23995 (shared CWE-121)

Affected Assets

gnupg:gnupg, versions 2.5.13 up to but not including 2.5.17 (2.5.17 contains the fix)
gpg4win:gpg4win, versions 5.0.0 to 5.0.1

Mitigating Controls (NIST 800-53 r5, AI-generated mapping)

SI-2 Flaw Remediation (prevent)

Directly mitigates the stack-based buffer overflow in GnuPG tpm2daemon by requiring timely flaw remediation: upgrade to version 2.5.17 or later. This is the only control that removes the flaw.

SI-16 Memory Protection (prevent)

Memory protections such as stack canaries, ASLR and non-executable stacks raise the cost of turning the stack overflow into arbitrary code execution. They do not remove the flaw and do not prevent the crash (availability) impact, so they complement the upgrade rather than replace it, and they only help if the installed tpm2daemon binary was actually built with them.

SI-10 Information Input Validation (prevent)

Bounds-checking of the data supplied to the PKDECRYPT command in tpm2daemon prevents malformed or oversized input from overflowing the stack buffer. This is a development-side control: operators cannot add it to an installed build, so for deployers it reduces to applying the vendor fix.
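Whether the SI-16 protections listed above are present in a given tpm2daemon build can be read off the binary rather than assumed. The script below is an added example for this page, not code from the advisory or from GnuPG: it parses the text of `readelf -W -h -l --dyn-syms FILE` and reports the stack canary, non-executable stack and PIE status (PIE is what lets ASLR randomise the executable image). The readelf layout it matches and the use of `gpgconf --list-dirs libexecdir` to locate tpm2daemon are assumptions, and the two readelf excerpts are constructed, not captured from a real binary.

```shell
#!/bin/sh
# Added example, not part of the advisory or of GnuPG: summarise the SI-16
# memory protections of an ELF binary such as tpm2daemon from readelf output.
# Reads the text of `readelf -W -h -l --dyn-syms FILE` on stdin and reports
# canary / NX stack / PIE. Assumes GNU readelf output layout, and assumes
# `gpgconf --list-dirs libexecdir` yields the directory holding tpm2daemon.
elf_hardening_report() {
    awk '
        # ELF header: "Type: DYN ..." is a position-independent image,
        # "Type: EXEC ..." is fixed-address and defeats ASLR for the binary.
        $1 == "Type:" { pie = ($2 == "DYN") ? "yes" : "no" }
        # Program headers: GNU_STACK flags "RW" mean a non-executable stack,
        # "RWE" an executable one.
        $1 == "GNU_STACK" { nx = ($0 ~ /RWE/) ? "no" : "yes" }
        # Dynamic symbols: an import of __stack_chk_fail shows the binary was
        # built with -fstack-protector; the canary check calls it on overflow.
        /__stack_chk_fail/ { canary = "yes" }
        END {
            if (canary == "") canary = "no"
            if (nx == "") nx = "unknown"      # no GNU_STACK header seen
            if (pie == "") pie = "unknown"    # no ELF header seen
            printf "canary=%s nx=%s pie=%s\n", canary, nx, pie
        }'
}

# Convenience wrapper for a real host (not run here); path lookup is assumed.
check_tpm2daemon() {
    readelf -W -h -l --dyn-syms "$(gpgconf --list-dirs libexecdir)/tpm2daemon" | elf_hardening_report
}

# Constructed readelf excerpts (not captured from a real binary).
HARDENED='ELF Header:
  Class:                             ELF64
  Type:                              DYN (Position-Independent Executable file)
Program Headers:
  Type           Offset   VirtAddr           PhysAddr           FileSiz  MemSiz   Flg Align
  LOAD           0x000000 0x0000000000000000 0x0000000000000000 0x000d48 0x000d48 R   0x1000
  GNU_STACK      0x000000 0x0000000000000000 0x0000000000000000 0x000000 0x000000 RW  0x10
Symbol table .dynsym contains 3 entries:
   Num:    Value          Size Type    Bind   Vis      Ndx Name
     1: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __stack_chk_fail@GLIBC_2.4 (2)
     2: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND memcpy@GLIBC_2.14 (3)'
WEAK='ELF Header:
  Class:                             ELF64
  Type:                              EXEC (Executable file)
Program Headers:
  Type           Offset   VirtAddr           PhysAddr           FileSiz  MemSiz   Flg Align
  LOAD           0x000000 0x0000000000400000 0x0000000000400000 0x000d48 0x000d48 R   0x1000
  GNU_STACK      0x000000 0x0000000000000000 0x0000000000000000 0x000000 0x000000 RWE 0x10
Symbol table .dynsym contains 2 entries:
   Num:    Value          Size Type    Bind   Vis      Ndx Name
     1: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND memcpy@GLIBC_2.14 (2)'

printf '%s\n' "$HARDENED" | elf_hardening_report   # canary=yes nx=yes pie=yes
printf '%s\n' "$WEAK" | elf_hardening_report       # canary=no nx=no pie=no
```

The canary signal is indirect: `__stack_chk_fail` being imported shows the compiler emitted protector code somewhere in the binary, not that every function with a stack buffer is covered. A report of `canary=no nx=no pie=no` on the installed tpm2daemon means SI-16 offers little here and the SI-2 upgrade is the only real mitigation.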

References

https://dev.gnupg.org/T8045 (GnuPG development ticket)
https://www.openwall.com/lists/oss-security/2026/01/27/8 (oss-security mailing list post)