CVE-2025-26696

Public on 2025-03-10
Modified on 2025-03-12
Description
Certain crafted MIME email messages that claimed to contain an encrypted OpenPGP message, which instead contained an OpenPGP signed message, were wrongly shown as being encrypted. This vulnerability affects Thunderbird < 136 and Thunderbird < 128.8.
Severity
Medium severity
Medium
CVSS v3 Base Score
5.7
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
HAQM Linux 2 - Core thunderbird 2025-03-26 ALAS2-2025-2807 Fixed

CVSS Scores

Score Type Score Vector
HAQM Linux CVSSv3 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
NVD CVSSv3 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L

References

Red Hat: CVE-2025-26696 Mitre: CVE-2025-26696