Rust is a multi-paradigm programming language focused on performance and safety, especially safe concurrency.

Rust

### Summary
Previous rPGP versions could be caused to crash with a "stack overflow" when parsing messages that contain deeply nested message layers, such as messages with many signatures.
rPGP 0.19.0 resolves this issue with a more robust message handling implementation (via https://github.com/rpgp/rpgp/pull/625).
### Impact
An attacker could cause applications to crash in rPGP's message parsing subsystem, when applications attempt to ingest messages.
### Attribution
Discovered internally during rPGP development, using a fuzz test suite previously contributed by Christian Reitter.

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
GHSA-fxc9-7j2w-vx54	CRITICAL	9.3	Rust	mpp	No	Yes	Mar 29, 2026
CVE-2026-34202	CRITICAL	9.2	Rust	zebra-chain	No	Yes	Mar 27, 2026
CVE-2026-34377	HIGH	8.4	Rust	zebrad	No	Yes	Mar 30, 2026
CVE-2026-34219	HIGH	8.2	Rust	libp2p-gossipsub	No	Yes	Mar 30, 2026
RUSTSEC-2026-0078	N/A	N/A	Rust	intaglio	No	Yes	Mar 30, 2026

GHSA-8h58-w33p-wq3g:
Rust vulnerability analysis and mitigation

Summary

Impact

Attribution

8.7

Related Rust vulnerabilities:

Benchmark your Cloud Security Posture

Additional Wiz resources

Cloud Vulnerability DB

Cloud Threat Landscape

PEACH

Ready to see Wiz in action?

GHSA-8h58-w33p-wq3g: Rust vulnerability analysis and mitigation