CVE-2026-6861

Published Apr 22, 2026

Last updated 23 days ago

CVSS medium 6.1

Overview

Description
A flaw was found in GNU Emacs. This vulnerability, a memory corruption issue, occurs when Emacs processes specially crafted SVG (Scalable Vector Graphics) CSS (Cascading Style Sheets) data. A local user could exploit this by convincing a victim to open a malicious SVG file, which may lead to a denial of service (DoS) or potentially information disclosure.
Source
secalert@redhat.com
NVD status
Analyzed
Products
emacs

Risk scores

CVSS 3.1

Type
Primary
Base score
7.1
Impact score
5.2
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Severity
HIGH

Weaknesses

secalert@redhat.com
CWE-193

Social media

Hype score
Not currently trending

Configurations

Related CVEs

  1. In elisp-mode.el in GNU Emacs before 30.1, a user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. (This unsafe expansion also occurs if a user chooses to enable on-the-fly diagnosis that byte compiles untrusted Emacs Lisp source code.)CVE-2024-53920
  2. In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5.CVE-2024-39331
  3. In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.CVE-2024-30205
  4. In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments.CVE-2024-30204
  5. In Emacs before 29.3, Gnus treats inline MIME contents as trusted.CVE-2024-30203

References

Sources include official advisories and independent security research.