CVE-2026-6861

CVE-2026-6861

Name

CVE-2026-6861

Description

A flaw was found in GNU Emacs. This vulnerability, a memory corruption issue, occurs when Emacs processes specially crafted SVG (Scalable Vector Graphics) CSS (Cascading Style Sheets) data. A local user could exploit this by convincing a victim to open a malicious SVG file, which may lead to a denial of service (DoS) or potentially information disclosure.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
secalert@redhat.com	https://access.redhat.com/security/cve/CVE-2026-6861
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=2459992

Type

URI

secalert@redhat.com

https://access.redhat.com/security/cve/CVE-2026-6861

secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2459992

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:gnu:emacs::::::::`	emacs	>= 28.1	<= 30.2

CPE URI

Source package

Min version

Max version

cpe:2.3:a:gnu:emacs:*:*:*:*:*:*:*:*

emacs

>= 28.1

<= 30.2

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
emacs	edge-community	30.2-r2	Lindsay Zhou <i@lin.moe>	possibly vulnerable
emacs	edge-community	30.2-r1	Celeste <cielesti@protonmail.com>	possibly vulnerable
emacs	edge-community	30.2-r0	Celeste <cielesti@protonmail.com>	possibly vulnerable
emacs	edge-community	30.1-r2	Celeste <cielesti@protonmail.com>	possibly vulnerable
emacs	edge-community	30.1-r1	Celeste <cielesti@protonmail.com>	possibly vulnerable
emacs	edge-community	30.1-r0	Celeste <cielesti@protonmail.com>	possibly vulnerable
emacs	edge-community	29.4-r0	Celeste <cielesti@protonmail.com>	possibly vulnerable
emacs	edge-community	28.2-r9	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
emacs	edge-community	28.2-r8	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
emacs	edge-community	28.2-r7	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
emacs	edge-community	28.2-r6	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
emacs	edge-community	28.2-r5	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
emacs	edge-community	28.2-r4	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
emacs	edge-community	28.2-r3	None	possibly vulnerable
emacs	3.23-community	30.2-r0	Celeste <cielesti@protonmail.com>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

References

Match rules

Vulnerable and fixed packages