CVE-2026-6861

Emacs: emacs: memory corruption vulnerability when processing svg css

Published: 4/22/2026 Last updated: 4/22/2026 Reserved: 4/22/2026

A flaw was found in GNU Emacs. This vulnerability, a memory corruption issue, occurs when Emacs processes specially crafted SVG (Scalable Vector Graphics) CSS (Cascading Style Sheets) data. A local user could exploit this by convincing a victim to open a malicious SVG file, which may lead to a denial of service (DoS) or potentially information disclosure.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.1	6.1	Medium	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H

Opam packages affected (1)

conf-emacs

Products affected (5)

Product	Vendor	Version
Red Hat Enterprise Linux 10	Red Hat	n/a
Red Hat Enterprise Linux 6	Red Hat	n/a
Red Hat Enterprise Linux 7	Red Hat	n/a
Red Hat Enterprise Linux 8	Red Hat	n/a
Red Hat Enterprise Linux 9	Red Hat	n/a

References (2)

Credits (1)

Red Hat would like to thank Gaetano Zappulla (Tinexta Defence SpA) for reporting this issue.