A vulnerability has been identified in the **GNOME Geary** package within its **`mailto` URI handling** component. This flaw occurs because the email client automatically processes a non-standard `attach` parameter in email links without prompting or alerting the user. An attacker could exploit this by tricking a user into clicking a specially crafted link (for example, `mailto:[email protected]?attach=/path/to/sensitive_file`). When clicked, Geary will automatically open a new compose window with the specified local file already attached. Because there is no dialog box or visual warning indicating that the file was attached by the link rather than the user, the user might unknowingly send sensitive files or data to the attacker upon hitting send.
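A defender can flag such links before a user clicks them. The following is an added example, not code from Geary or from this advisory: it scans HTML or text for `mailto:` links that carry the `attach` parameter described above. Matching the parameter name case-insensitively and after percent-decoding is an assumption, and the sample markup is constructed.

```python
import html
import re
from urllib.parse import urlsplit, parse_qsl

# Parameter named in the advisory; compared case-insensitively (assumption).
RISKY_PARAMS = {"attach"}

# Loose matcher for mailto: links embedded in HTML or plain text.
MAILTO_RE = re.compile(r"mailto:[^\s\"'<>]+", re.IGNORECASE)

# Constructed sample input: one harmless link, one carrying an attach parameter.
SAMPLE = (
    '<a href="mailto:alice@example.org?subject=Hi">contact</a>\n'
    '<a href="mailto:bob@example.org?subject=Hi&amp;Attach='
    '%2Fhome%2Fuser%2Fnotes.txt">reply here</a>\n'
)


def risky_attachments(uri):
    """Return the values of every attach parameter in a mailto: URI."""
    parts = urlsplit(uri)  # urlsplit lower-cases the scheme
    if parts.scheme != "mailto":
        return []
    # parse_qsl percent-decodes names and values; keep_blank_values makes
    # an empty "attach=" visible instead of silently dropping it.
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    return [value for name, value in pairs if name.lower() in RISKY_PARAMS]


def scan(text):
    """Return (uri, attached_paths) for each mailto: link that uses attach."""
    findings = []
    # Decode HTML entities first so "&amp;attach=" is seen as "&attach=".
    for match in MAILTO_RE.finditer(html.unescape(text)):
        paths = risky_attachments(match.group(0))
        if paths:
            findings.append((match.group(0), paths))
    return findings


if __name__ == "__main__":
    for uri, paths in scan(SAMPLE):
        print("mailto link requests attachment:", paths, "in", uri)
```
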
History

Fri, 26 Jun 2026 05:30:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Gnome, Gnome geary |
| Vendors & Products | | Gnome, Gnome geary |

Fri, 26 Jun 2026 02:30:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Weaknesses | | CWE-200 |

Fri, 26 Jun 2026 00:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | A vulnerability has been identified in the **GNOME Geary** package within its **`mailto` URI handling** component. This flaw occurs because the email client automatically processes a non-standard `attach` parameter in email links without prompting or alerting the user. An attacker could exploit this by tricking a user into clicking a specially crafted link (for example, `mailto:[email protected]?attach=/path/to/sensitive_file`). When clicked, Geary will automatically open a new compose window with the specified local file already attached. Because there is no dialog box or visual warning indicating that the file was attached by the link rather than the user, the user might unknowingly send sensitive files or data to the attacker upon hitting send. |
| Title | | geary: geary: Silent file attachment via ?attach= parameter |
| References | | |
| Metrics | threat_severity: None | cvssV3_1: {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}; threat_severity: Moderate |


MITRE

No data.

Vulnrichment

No data.

NVD

No data.

Redhat

Severity: Moderate

Published Date: 2026-06-25T10:07:00Z

Links: CVE-2026-13324 - Bugzilla

OpenCVE Enrichment

Updated: 2026-06-26T05:15:16Z