Cyber Posture

CVE-2026-24882

Severity: High · Public PoC

Published: 27 January 2026
Modified: 06 February 2026
KEV Added: not listed (not in the CISA KEV catalog)
Patch: upgrade to GnuPG 2.5.17 or later
CVSS Score: 8.4 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0001 (0.6th percentile)
Risk Priority: 17 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-24882 is a high-severity stack-based buffer overflow (CWE-121) in GnuPG (vendor gnupg, product gnupg). Its CVSS v3.1 base score is 8.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). EPSS ranks it at the 0.6th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) (AI-generated)

- prevent (SI-2, Flaw Remediation): directly mitigates the stack-based buffer overflow in GnuPG tpm2daemon by requiring timely flaw remediation through upgrade to version 2.5.17 or later.

- prevent (SI-16, Memory Protection): implements memory protections such as stack canaries, ASLR, and non-executable stacks to block exploitation of the stack buffer overflow for arbitrary code execution.

- prevent (input validation): requires validation of inputs to the PKDECRYPT command in tpm2daemon to prevent buffer overflows from malformed or oversized data.

MITRE ATT&CK Enterprise Techniques (AI-generated)

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Why these techniques?

A stack-based buffer overflow in the local tpm2daemon component enables arbitrary code execution (or denial of service) by an unprivileged local attacker with no user interaction, which maps directly to exploitation for privilege escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and ECC keys.

Deeper analysis (AI-generated)

CVE-2026-24882 is a stack-based buffer overflow vulnerability, classified under CWE-121, affecting GnuPG versions before 2.5.17. The flaw resides in the tpm2daemon component during processing of the PKDECRYPT command for TPM-backed RSA and ECC keys. Published on 2026-01-27, it carries a CVSS v3.1 base score of 8.4.

A local attacker with no privileges required can exploit this vulnerability with low attack complexity and no user interaction. The vector is local (AV:L), unchanged scope (S:U), enabling high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H), such as arbitrary code execution or system crashes.

Advisories recommend upgrading to GnuPG 2.5.17 or later to mitigate the issue. Additional details are available in the GnuPG development ticket at https://dev.gnupg.org/T8045 and the OSS-Security mailing list post at https://www.openwall.com/lists/oss-security/2026/01/27/8.

Details

CWE(s): CWE-121 (Stack-based Buffer Overflow)

Affected Products

Vendor | Product | Versions
gnupg | gnupg | 2.5.13 — 2.5.17
gpg4win | gpg4win | 5.0.0 — 5.0.1

CVEs Like This One

CVE-2026-24881 (same product: gnupg gnupg)
CVE-2025-70616 (shared CWE-121)
CVE-2026-39457 (shared CWE-121)
CVE-2026-21224 (shared CWE-121)
CVE-2025-47391 (shared CWE-121)
CVE-2025-24928 (shared CWE-121)
CVE-2025-70083 (shared CWE-121)
CVE-2025-25066 (shared CWE-121)
CVE-2026-32708 (shared CWE-121)
CVE-2026-23995 (shared CWE-121)

References

GnuPG development ticket: https://dev.gnupg.org/T8045
OSS-Security mailing list post: https://www.openwall.com/lists/oss-security/2026/01/27/8