Description
A vulnerability has been identified in the **GNOME Geary** package within its **`mailto` URI handling** component. This flaw occurs because the email client automatically processes a non-standard `attach` parameter in email links without prompting or alerting the user.
An attacker could exploit this by tricking a user into clicking a specially crafted link (for example, `mailto:user@example.com?attach=/path/to/sensitive_file`). When clicked, Geary will automatically open a new compose window with the specified local file already attached. Because there is no dialog box or visual warning indicating that the file was attached by the link rather than the user, the user might unknowingly send sensitive files or data to the attacker upon hitting send.
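As an added illustration (not Geary's code, and not taken from the advisory), the following parser honours only the header fields RFC 6068 defines for `mailto` URIs and records every other parameter, such as `attach`, as rejected so a client can warn the user instead of acting on it silently. The function and class names are assumptions made for this example.

```python
from dataclasses import dataclass, field
from urllib.parse import unquote

# Header fields RFC 6068 permits in a mailto URI. Anything else, including the
# non-standard "attach" parameter described in this advisory, is untrusted.
ALLOWED_HEADERS = {"to", "cc", "bcc", "subject", "body", "in-reply-to"}


@dataclass
class MailtoRequest:
    recipients: list[str]
    headers: dict[str, str] = field(default_factory=dict)
    # Parameters that were dropped; a client should surface these to the user
    # (or simply ignore them), never attach files or otherwise act on them.
    rejected: list[tuple[str, str]] = field(default_factory=list)


def parse_mailto(uri: str) -> MailtoRequest:
    """Parse a mailto URI, honouring only the allowlisted header fields."""
    scheme, sep, rest = uri.partition(":")
    if not sep or scheme.lower() != "mailto":
        raise ValueError(f"not a mailto URI: {uri!r}")
    path, _, query = rest.partition("?")
    # RFC 6068: recipients in the path are comma separated and percent-encoded.
    req = MailtoRequest([unquote(a) for a in path.split(",") if a])
    for pair in query.split("&"):
        if not pair:
            continue
        name, _, value = pair.partition("=")
        # Decode with unquote rather than parse_qs: '+' is literal in mailto.
        name, value = unquote(name).lower(), unquote(value)
        if name == "to":
            req.recipients.extend(v for v in value.split(",") if v)
        elif name in ALLOWED_HEADERS:
            req.headers[name] = value
        else:
            req.rejected.append((name, value))
    return req


if __name__ == "__main__":
    # Constructed link of the kind the advisory describes.
    r = parse_mailto("mailto:user@example.com?attach=/path/to/sensitive_file&subject=Report")
    print(r.recipients, r.headers)   # ['user@example.com'] {'subject': 'Report'}
    print("dropped:", r.rejected)     # dropped: [('attach', '/path/to/sensitive_file')]
```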
Published: n/a
Score: 6.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Geary’s mailto URI handling incorrectly processes a non-standard `attach` parameter. When a user clicks a link such as `mailto:user@example.com?attach=/path/to/sensitive_file`, the client opens a compose window and silently attaches the local file, exposing the file’s contents to whoever receives the email. The flaw therefore allows accidental disclosure of sensitive local data without any visual warning.

Affected Systems

The vulnerability is present in the GNOME Geary email client. No specific version information is provided, so all releases containing the current mailto parser are potentially affected until a fix is issued. Users should check their package repositories for an updated Geary release once the issue is resolved.

Risk and Exploitability

The CVSS score of 6.5 indicates moderate severity. It is inferred that the attacker must persuade a user to click a crafted link, which is a social engineering step; no additional privileges or remote code execution are required. EPSS data is not available and the vulnerability is not listed in CISA KEV. Nevertheless, it is inferred that the ability to transfer any local file without the user’s knowledge can lead to significant data exposure, making the risk non‑negligible.

Generated by OpenCVE AI on June 26, 2026 at 02:09 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Check for Geary updates when a fix is released
  • Disable or remove the mailto URI handler that processes the attach parameter in Geary if possible
  • Educate users to avoid clicking unfamiliar mailto links and verify attachments before sending

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 05:30:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Gnome, Gnome geary |
| Vendors & Products | | Gnome, Gnome geary |

Fri, 26 Jun 2026 02:30:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Weaknesses | | CWE-200 |

Fri, 26 Jun 2026 00:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | A vulnerability has been identified in the **GNOME Geary** package within its **`mailto` URI handling** component. This flaw occurs because the email client automatically processes a non-standard `attach` parameter in email links without prompting or alerting the user. An attacker could exploit this by tricking a user into clicking a specially crafted link (for example, `mailto:user@example.com?attach=/path/to/sensitive_file`). When clicked, Geary will automatically open a new compose window with the specified local file already attached. Because there is no dialog box or visual warning indicating that the file was attached by the link rather than the user, the user might unknowingly send sensitive files or data to the attacker upon hitting send. |
| Title | | geary: geary: Silent file attachment via ?attach= parameter |
| References | | |
| Metrics | threat_severity: None | cvssV3_1: `{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}`; threat_severity: Moderate |


MITRE

No data.

Vulnrichment

No data.

NVD

No data.

Redhat

Severity: Moderate

Public Date: 2026-06-25T10:07:00Z

Links: CVE-2026-13324 - Bugzilla

OpenCVE Enrichment

Updated: 2026-06-26T05:15:16Z

Weaknesses
  • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor