Home > Vulnerability Database > CVE-2025-26696

Mend.io Vulnerability Database

CVE-2025-26696

Date: March 10, 2025

Certain crafted MIME email messages that claimed to contain an encrypted OpenPGP message, which instead contained an OpenPGP signed message, were wrongly shown as being encrypted. This vulnerability affects Thunderbird < 136 and Thunderbird < 128.8.

Severity Score

7.0

Related Resources (5)

Url: https://www.mozilla.org/security/advisories/mfsa2025-18/

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-26696

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=1864205

Url: https://www.mozilla.org/security/advisories/mfsa2025-17/

Url: https://www.mend.io/vulnerability-database/CVE-2025-26696

Severity Score

7.0

Weakness Type (CWE)

Authentication Bypass by Spoofing

CWE-290

CVSS v3.1

Base Score:	7.0
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2025-26696

Date: March 10, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?