Memory Corruption Vulnerability in GNU Emacs Affecting SVG Processing
CVE-2026-6861

6.1MEDIUM

Key Information:

Vendor: Red Hat
Status: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8
Vendor: CVE Published:; 22 April 2026

What is CVE-2026-6861?

A memory corruption flaw in GNU Emacs allows local users to exploit improperly handled SVG CSS data. By enticing victims to open crafted SVG files, attackers could trigger denial of service conditions or expose sensitive information, compromising system integrity and user data confidentiality.

References

https://access.redhat.com/security/cve/CVE-2026-6861

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2459992

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 22, 2026
Vulnerability Reserved
Apr 22, 2026

Credit

Red Hat would like to thank Gaetano Zappulla (Tinexta Defence SpA) for reporting this issue.

CVE-2026-6861 Data

JSON