CVE-2026-41989 (MEDIUM): detected in Lambda Docker Images. #529

@the-lambda-watchdog

CVE Details

| CVE ID | Severity | Affected Package | Installed Version | Fixed Version | Date Published | Date of Scan |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2026-41989 | MEDIUM | libgcrypt | 1.10.2-1.amzn2023.0.2 | 1.10.2-1.amzn2023.0.3 | 2026-04-23T05:16:05.75Z | 2026-05-16T10:18:17.211149446Z |

Affected Docker Images

Image Name SHA
public.ecr.aws/lambda/provided:latest public.ecr.aws/lambda/provided@sha256:4db89c945e3055006d9d3981e996e718d5465123041a153ecc790ce8fff3bdb4
public.ecr.aws/lambda/provided:al2023 public.ecr.aws/lambda/provided@sha256:4db89c945e3055006d9d3981e996e718d5465123041a153ecc790ce8fff3bdb4
public.ecr.aws/lambda/python:latest public.ecr.aws/lambda/python@sha256:0250da83ef19b1f8475a7fbde75fe740002bee98c5e116cf3c76b3fb5928d573
public.ecr.aws/lambda/python:3.14 public.ecr.aws/lambda/python@sha256:c747507eb32b1a643568441d24b5c7fb27935df48b50467791f34a4c09ca171e
public.ecr.aws/lambda/python:3.13 public.ecr.aws/lambda/python@sha256:0250da83ef19b1f8475a7fbde75fe740002bee98c5e116cf3c76b3fb5928d573
public.ecr.aws/lambda/python:3.12 public.ecr.aws/lambda/python@sha256:1b19b44a5203a4ea55b0cb44f30c8c156d155d7b8e1107cdff99674334ceba02
public.ecr.aws/lambda/nodejs:latest public.ecr.aws/lambda/nodejs@sha256:f7a6104609df3726e3e22575432333bea317594c647e7b71d5841bc81178ee7b
public.ecr.aws/lambda/nodejs:24 public.ecr.aws/lambda/nodejs@sha256:82b613adb82c58d0e2200a4880208a076dfd729182a947acb58160eea9b678e9
public.ecr.aws/lambda/nodejs:22 public.ecr.aws/lambda/nodejs@sha256:f7a6104609df3726e3e22575432333bea317594c647e7b71d5841bc81178ee7b
public.ecr.aws/lambda/java:latest public.ecr.aws/lambda/java@sha256:16037d2d5635b7a0d50dfcdb01271bf4b0e79e373b245a9151ac02a7161c88f0
public.ecr.aws/lambda/java:25 public.ecr.aws/lambda/java@sha256:59e7f154daf48433acecd4a4d27bc51a8a8f68728461a0052f5a9b5f1a2a056d
public.ecr.aws/lambda/java:21 public.ecr.aws/lambda/java@sha256:16037d2d5635b7a0d50dfcdb01271bf4b0e79e373b245a9151ac02a7161c88f0
public.ecr.aws/lambda/dotnet:latest public.ecr.aws/lambda/dotnet@sha256:8fb9afa150271dfb63d8a9cdd86f87bc52b7a7d1289ea524de6bdbd592d5106f
public.ecr.aws/lambda/dotnet:10 public.ecr.aws/lambda/dotnet@sha256:5a5269ad5d3afc13c8e0c63aa2b7104ee151d324899fe2c4b73df7c676ad30c3
public.ecr.aws/lambda/dotnet:9 public.ecr.aws/lambda/dotnet@sha256:8fb9afa150271dfb63d8a9cdd86f87bc52b7a7d1289ea524de6bdbd592d5106f
public.ecr.aws/lambda/dotnet:8 public.ecr.aws/lambda/dotnet@sha256:dbc1cd835f9cca7089c4f9d3b3841acb63f9418dac1d62bf9f03ad6c5d04711e
public.ecr.aws/lambda/ruby:latest public.ecr.aws/lambda/ruby@sha256:32638a811c0edcee8ceb5d6087225c6353e7ed97f72cd0af0fd99daa16d0173e
public.ecr.aws/lambda/ruby:4.0 public.ecr.aws/lambda/ruby@sha256:5754607b997064a8c81b91f92d5b017d24665ba9b70be666f3984a98eeaa15a3
public.ecr.aws/lambda/ruby:3.4 public.ecr.aws/lambda/ruby@sha256:32638a811c0edcee8ceb5d6087225c6353e7ed97f72cd0af0fd99daa16d0173e
public.ecr.aws/lambda/ruby:3.3 public.ecr.aws/lambda/ruby@sha256:b5610a730963a429b02c47b1f501a4f1aa01131b6ba9031743a6fb01dbc361a0

Description

Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.


Remediation Steps

  • Update the affected package libgcrypt from version 1.10.2-1.amzn2023.0.2 to 1.10.2-1.amzn2023.0.3.

About this issue

  • This issue may not contain all the information about the CVE or the images it affects.
  • This issue will not be updated with new information and the list of affected images may have changed since the creation of this issue.
  • For more, visit Lambda Watchdog.
  • This issue was created automatically by Lambda Watchdog.
