What is CVE-2026-2625?

CVE-2026-2625 is a medium-severity vulnerability in Sequoia-pgp Rpm-sequoia, classified under Improper Verification of Cryptographic Signature. CVSS score: 4.0/10. Published 2026-04-03.

How severe is CVE-2026-2625?

Medium severity. CVSS v3 base score is 4.0 out of 10.

Vulnerability in Sequoia-pgp Rpm-sequoia

CVE-2026-2625

A flaw was found in rust-rpm-sequoia. An attacker can exploit this vulnerability by providing a specially crafted Red Hat Package Manager (RPM) file. During the RPM signature verification process, this crafted file can trigger an error in…

EPSS: 0.000 (0.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.0 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L.

Affected products

Sequoia-pgp Rpm-sequoia
Red Hat Enterprise Linux 10
Red Hat Enterprise Linux 9
Red Hat Hardened Images — versions 1.10.1.1-1.2.hum1
Redhat Enterprise_linux — versions 9.0, 10.0
Redhat Hardened_images

Weakness classification (CWE)

CWE-347 — Improper Verification of Cryptographic Signature

References

RHSA-2026:12682 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secalert@redhat.com (x_refsource_REDHAT, Third Party Advisory, Mitigation, vdb-entry)
RHBZ#2440357 (x_refsource_REDHAT, issue-tracking, Third Party Advisory, Issue Tracking)

Frequently asked questions

What is CVE-2026-2625?: CVE-2026-2625 is a medium-severity vulnerability in Sequoia-pgp Rpm-sequoia, classified under Improper Verification of Cryptographic Signature. CVSS score: 4.0/10. Published 2026-04-03.
How severe is CVE-2026-2625?: Medium severity. CVSS v3 base score is 4.0 out of 10.