Security Advisory
CVE-2025-26695
CVE vulnerability detail — eXtreme Datacenter Security Operations
Description
When requesting an OpenPGP key from a WKD server, an incorrect padding size was used and a network observer could have learned the length of the requested email address. This vulnerability was fixed in Thunderbird 136 and Thunderbird 128.8.