CWE-347
Improper Verification of Cryptographic Signature
The product does not verify, or incorrectly verifies, the cryptographic signature for data.
CVE-2026-22818 (GCVE-0-2026-22818)
Vulnerability from cvelistv5 – Published: 2026-01-13 19:49 – Updated: 2026-01-15 15:29
VLAI
Title
JWT algorithm confusion in Hono JWK Auth Middleware when JWK lacks "alg" (untrusted header.alg fallback)
Summary
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.11.4, there is a flaw in Hono’s JWK/JWKS JWT verification middleware allowed the algorithm specified in the JWT header to influence signature verification when the selected JWK did not explicitly define an algorithm. This could enable JWT algorithm confusion and, in certain configurations, allow forged tokens to be accepted. The JWK/JWKS JWT verification middleware has been updated to require an explicit allowlist of asymmetric algorithms when verifying tokens. The middleware no longer derives the verification algorithm from untrusted JWT header values. This vulnerability is fixed in 4.11.4.
Severity
8.2 (High)
CWE
- CWE-347 - Improper Verification of Cryptographic Signature
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/honojs/hono/security/advisorie… | x_refsource_CONFIRM |
| https://github.com/honojs/hono/commit/190f6e28e2c… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22818",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-15T15:29:32.068668Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T15:29:39.849Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "hono",
"vendor": "honojs",
"versions": [
{
"status": "affected",
"version": "\u003c 4.11.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.11.4, there is a flaw in Hono\u2019s JWK/JWKS JWT verification middleware allowed the algorithm specified in the JWT header to influence signature verification when the selected JWK did not explicitly define an algorithm. This could enable JWT algorithm confusion and, in certain configurations, allow forged tokens to be accepted. The JWK/JWKS JWT verification middleware has been updated to require an explicit allowlist of asymmetric algorithms when verifying tokens. The middleware no longer derives the verification algorithm from untrusted JWT header values. This vulnerability is fixed in 4.11.4."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347: Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-13T19:49:52.042Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/honojs/hono/security/advisories/GHSA-3vhc-576x-3qv4",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/honojs/hono/security/advisories/GHSA-3vhc-576x-3qv4"
},
{
"name": "https://github.com/honojs/hono/commit/190f6e28e2ca85ce3d1f2f54db1310f5f3eab134",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/honojs/hono/commit/190f6e28e2ca85ce3d1f2f54db1310f5f3eab134"
}
],
"source": {
"advisory": "GHSA-3vhc-576x-3qv4",
"discovery": "UNKNOWN"
},
"title": "JWT algorithm confusion in Hono JWK Auth Middleware when JWK lacks \"alg\" (untrusted header.alg fallback)"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-22818",
"datePublished": "2026-01-13T19:49:52.042Z",
"dateReserved": "2026-01-09T22:50:10.289Z",
"dateUpdated": "2026-01-15T15:29:39.849Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22866 (GCVE-0-2026-22866)
Vulnerability from cvelistv5 – Published: 2026-02-25 15:47 – Updated: 2026-02-25 20:34
VLAI
Title
ENS DNSSEC Oracle Vulnerable to RSA Signature Forgery via Missing PKCS#1 v1.5 Padding Validation
Summary
Ethereum Name Service (ENS) is a distributed, open, and extensible naming system based on the Ethereum blockchain. In versions 1.6.2 and prior, the `RSASHA256Algorithm` and `RSASHA1Algorithm` contracts fail to validate PKCS#1 v1.5 padding structure when verifying RSA signatures. The contracts only check if the last 32 (or 20) bytes of the decrypted signature match the expected hash. This enables Bleichenbacher's 2006 signature forgery attack against DNS zones using RSA keys with low public exponents (e=3). Two ENS-supported TLDs (.cc and .name) use e=3 for their Key Signing Keys, allowing any domain under these TLDs to be fraudulently claimed on ENS without DNS ownership. Apatch was merged at commit c76c5ad0dc9de1c966443bd946fafc6351f87587. Possible workarounds include deploying the patched contracts and pointing DNSSECImpl.setAlgorithm to the deployed contract.
Severity
CWE
- CWE-347 - Improper Verification of Cryptographic Signature
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/ensdomains/ens-contracts/secur… | x_refsource_CONFIRM |
| https://github.com/ensdomains/ens-contracts/commi… | x_refsource_MISC |
| https://github.com/ensdomains/ens-contracts-bug-6… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ensdomains | ens-contracts |
Affected:
<= 1.6.2
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22866",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-25T20:33:54.551584Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T20:34:05.144Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ens-contracts",
"vendor": "ensdomains",
"versions": [
{
"status": "affected",
"version": "\u003c= 1.6.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Ethereum Name Service (ENS) is a distributed, open, and extensible naming system based on the Ethereum blockchain. In versions 1.6.2 and prior, the `RSASHA256Algorithm` and `RSASHA1Algorithm` contracts fail to validate PKCS#1 v1.5 padding structure when verifying RSA signatures. The contracts only check if the last 32 (or 20) bytes of the decrypted signature match the expected hash. This enables Bleichenbacher\u0027s 2006 signature forgery attack against DNS zones using RSA keys with low public exponents (e=3). Two ENS-supported TLDs (.cc and .name) use e=3 for their Key Signing Keys, allowing any domain under these TLDs to be fraudulently claimed on ENS without DNS ownership. Apatch was merged at commit c76c5ad0dc9de1c966443bd946fafc6351f87587. Possible workarounds include deploying the patched contracts and pointing DNSSECImpl.setAlgorithm to the deployed contract."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 2.7,
"baseSeverity": "LOW",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347: Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T15:47:16.230Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/ensdomains/ens-contracts/security/advisories/GHSA-c6rr-7pmc-73wc",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ensdomains/ens-contracts/security/advisories/GHSA-c6rr-7pmc-73wc"
},
{
"name": "https://github.com/ensdomains/ens-contracts/commit/c76c5ad0dc9de1c966443bd946fafc6351f87587",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ensdomains/ens-contracts/commit/c76c5ad0dc9de1c966443bd946fafc6351f87587"
},
{
"name": "https://github.com/ensdomains/ens-contracts-bug-62248-pr-509",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ensdomains/ens-contracts-bug-62248-pr-509"
}
],
"source": {
"advisory": "GHSA-c6rr-7pmc-73wc",
"discovery": "UNKNOWN"
},
"title": "ENS DNSSEC Oracle Vulnerable to RSA Signature Forgery via Missing PKCS#1 v1.5 Padding Validation"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-22866",
"datePublished": "2026-02-25T15:47:16.230Z",
"dateReserved": "2026-01-12T16:20:16.746Z",
"dateUpdated": "2026-02-25T20:34:05.144Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23518 (GCVE-0-2026-23518)
Vulnerability from cvelistv5 – Published: 2026-01-21 21:50 – Updated: 2026-01-22 16:49
VLAI
Title
Fleet has a JWT signature bypass vulnerability in Azure AD MDM enrollment
Summary
Fleet is open source device management software. In versions prior to 4.78.3, 4.77.1, 4.76.2, 4.75.2, and 4.53.3, a vulnerability in Fleet's Windows MDM enrollment flow could allow an attacker to submit forged authentication tokens that are not properly validated. Because JWT signatures were not verified, Fleet could accept attacker-controlled identity claims, enabling enrollment of unauthorized devices under arbitrary Azure AD user identities. Versions 4.78.3, 4.77.1, 4.76.2, 4.75.2, and 4.53.3 fix the issue. If an immediate upgrade is not possible, affected Fleet users should temporarily disable Windows MDM.
Severity
CWE
- CWE-347 - Improper Verification of Cryptographic Signature
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/fleetdm/fleet/security/advisor… | x_refsource_CONFIRM |
| https://github.com/fleetdm/fleet/commit/e225ef579… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23518",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-22T15:13:36.673554Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-22T16:49:50.477Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "fleet",
"vendor": "fleetdm",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.78.0, \u003c 4.78.3"
},
{
"status": "affected",
"version": "\u003e= 4.77.0, \u003c 4.77.1"
},
{
"status": "affected",
"version": "\u003e= 4.76.0, \u003c 4.76.2"
},
{
"status": "affected",
"version": "\u003e= 4.75.0, \u003c 4.75.2"
},
{
"status": "affected",
"version": "\u003c 4.53.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Fleet is open source device management software. In versions prior to 4.78.3, 4.77.1, 4.76.2, 4.75.2, and 4.53.3, a vulnerability in Fleet\u0027s Windows MDM enrollment flow could allow an attacker to submit forged authentication tokens that are not properly validated. Because JWT signatures were not verified, Fleet could accept attacker-controlled identity claims, enabling enrollment of unauthorized devices under arbitrary Azure AD user identities. Versions 4.78.3, 4.77.1, 4.76.2, 4.75.2, and 4.53.3 fix the issue. If an immediate upgrade is not possible, affected Fleet users should temporarily disable Windows MDM."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347: Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-21T21:50:47.998Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/fleetdm/fleet/security/advisories/GHSA-63m5-974w-448v",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/fleetdm/fleet/security/advisories/GHSA-63m5-974w-448v"
},
{
"name": "https://github.com/fleetdm/fleet/commit/e225ef57912c8f4ac8977e24b5ebe1d9fd875257",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fleetdm/fleet/commit/e225ef57912c8f4ac8977e24b5ebe1d9fd875257"
}
],
"source": {
"advisory": "GHSA-63m5-974w-448v",
"discovery": "UNKNOWN"
},
"title": "Fleet has a JWT signature bypass vulnerability in Azure AD MDM enrollment"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-23518",
"datePublished": "2026-01-21T21:50:47.998Z",
"dateReserved": "2026-01-13T18:22:43.980Z",
"dateUpdated": "2026-01-22T16:49:50.477Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23687 (GCVE-0-2026-23687)
Vulnerability from cvelistv5 – Published: 2026-02-10 03:02 – Updated: 2026-02-26 15:04
VLAI
Title
XML Signature Wrapping in SAP NetWeaver AS ABAP and ABAP Platform
Summary
SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information, unauthorized access to sensitive user data and potential disruption of normal system usage.
Severity
8.8 (High)
CWE
- CWE-347 - Improper Verification of Cryptographic Signature
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SAP_SE | SAP NetWeaver AS ABAP and ABAP Platform |
Affected:
SAP_BASIS 700
Affected: SAP_BASIS 701 Affected: SAP_BASIS 702 Affected: SAP_BASIS 731 Affected: SAP_BASIS 740 Affected: SAP_BASIS 750 Affected: SAP_BASIS 751 Affected: SAP_BASIS 752 Affected: SAP_BASIS 753 Affected: SAP_BASIS 754 Affected: SAP_BASIS 755 Affected: SAP_BASIS 756 Affected: SAP_BASIS 757 Affected: SAP_BASIS 758 Affected: SAP_BASIS 804 Affected: SAP_BASIS 816 Affected: SAP_BASIS 916 Affected: SAP_BASIS 917 Affected: SAP_BASIS 918 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23687",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-11T04:56:16.147572Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T15:04:13.585Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SAP NetWeaver AS ABAP and ABAP Platform",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "SAP_BASIS 700"
},
{
"status": "affected",
"version": "SAP_BASIS 701"
},
{
"status": "affected",
"version": "SAP_BASIS 702"
},
{
"status": "affected",
"version": "SAP_BASIS 731"
},
{
"status": "affected",
"version": "SAP_BASIS 740"
},
{
"status": "affected",
"version": "SAP_BASIS 750"
},
{
"status": "affected",
"version": "SAP_BASIS 751"
},
{
"status": "affected",
"version": "SAP_BASIS 752"
},
{
"status": "affected",
"version": "SAP_BASIS 753"
},
{
"status": "affected",
"version": "SAP_BASIS 754"
},
{
"status": "affected",
"version": "SAP_BASIS 755"
},
{
"status": "affected",
"version": "SAP_BASIS 756"
},
{
"status": "affected",
"version": "SAP_BASIS 757"
},
{
"status": "affected",
"version": "SAP_BASIS 758"
},
{
"status": "affected",
"version": "SAP_BASIS 804"
},
{
"status": "affected",
"version": "SAP_BASIS 816"
},
{
"status": "affected",
"version": "SAP_BASIS 916"
},
{
"status": "affected",
"version": "SAP_BASIS 917"
},
{
"status": "affected",
"version": "SAP_BASIS 918"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information, unauthorized access to sensitive user data and potential disruption of normal system usage.\u003c/p\u003e"
}
],
"value": "SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information, unauthorized access to sensitive user data and potential disruption of normal system usage."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347: Improper Verification of Cryptographic Signature",
"lang": "eng",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T03:02:47.674Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://me.sap.com/notes/3697567"
},
{
"url": "https://url.sap/sapsecuritypatchday"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "XML Signature Wrapping in SAP NetWeaver AS ABAP and ABAP Platform",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2026-23687",
"datePublished": "2026-02-10T03:02:47.674Z",
"dateReserved": "2026-01-14T18:26:17.297Z",
"dateUpdated": "2026-02-26T15:04:13.585Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23965 (GCVE-0-2026-23965)
Vulnerability from cvelistv5 – Published: 2026-01-22 02:05 – Updated: 2026-01-22 15:58
VLAI
Title
sm-crypto Affected by Signature Forgery in SM2-DSA
Summary
sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A signature forgery vulnerability exists in the SM2 signature verification logic of sm-crypto prior to version 0.4.0. Under default configurations, an attacker can forge valid signatures for arbitrary public keys. If the message space contains sufficient redundancy, the attacker can fix the prefix of the message associated with the forged signature to satisfy specific formatting requirements. Version 0.4.0 patches the issue.
Severity
7.5 (High)
CWE
- CWE-347 - Improper Verification of Cryptographic Signature
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/JuneAndGreen/sm-crypto/securit… | x_refsource_CONFIRM |
| https://github.com/JuneAndGreen/sm-crypto/commit/… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| JuneAndGreen | sm-crypto |
Affected:
< 0.4.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23965",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-22T15:57:36.387701Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-22T15:58:10.585Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "sm-crypto",
"vendor": "JuneAndGreen",
"versions": [
{
"status": "affected",
"version": "\u003c 0.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A signature forgery vulnerability exists in the SM2 signature verification logic of sm-crypto prior to version 0.4.0. Under default configurations, an attacker can forge valid signatures for arbitrary public keys. If the message space contains sufficient redundancy, the attacker can fix the prefix of the message associated with the forged signature to satisfy specific formatting requirements. Version 0.4.0 patches the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347: Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-22T02:05:43.426Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/JuneAndGreen/sm-crypto/security/advisories/GHSA-hpwg-xg7m-3p6m",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/JuneAndGreen/sm-crypto/security/advisories/GHSA-hpwg-xg7m-3p6m"
},
{
"name": "https://github.com/JuneAndGreen/sm-crypto/commit/85295a859d0766222d12ce2be3e6fce7b438b510",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/JuneAndGreen/sm-crypto/commit/85295a859d0766222d12ce2be3e6fce7b438b510"
}
],
"source": {
"advisory": "GHSA-hpwg-xg7m-3p6m",
"discovery": "UNKNOWN"
},
"title": "sm-crypto Affected by Signature Forgery in SM2-DSA"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-23965",
"datePublished": "2026-01-22T02:05:43.426Z",
"dateReserved": "2026-01-19T14:49:06.314Z",
"dateUpdated": "2026-01-22T15:58:10.585Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23967 (GCVE-0-2026-23967)
Vulnerability from cvelistv5 – Published: 2026-01-22 01:59 – Updated: 2026-01-22 16:03
VLAI
Title
sm-crypto Affected by Signature Malleability in SM2-DSA
Summary
sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A signature malleability vulnerability exists in the SM2 signature verification logic of the sm-crypto library prior to version 0.3.14. An attacker can derive a new valid signature for a previously signed message from an existing signature. Version 0.3.14 patches the issue.
Severity
7.5 (High)
CWE
- CWE-347 - Improper Verification of Cryptographic Signature
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/JuneAndGreen/sm-crypto/securit… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| JuneAndGreen | sm-crypto |
Affected:
< 0.3.14
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23967",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-22T16:03:25.576580Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-22T16:03:58.987Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "sm-crypto",
"vendor": "JuneAndGreen",
"versions": [
{
"status": "affected",
"version": "\u003c 0.3.14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A signature malleability vulnerability exists in the SM2 signature verification logic of the sm-crypto library prior to version 0.3.14. An attacker can derive a new valid signature for a previously signed message from an existing signature. Version 0.3.14 patches the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347: Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-22T01:59:30.555Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/JuneAndGreen/sm-crypto/security/advisories/GHSA-qv7w-v773-3xqm",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/JuneAndGreen/sm-crypto/security/advisories/GHSA-qv7w-v773-3xqm"
}
],
"source": {
"advisory": "GHSA-qv7w-v773-3xqm",
"discovery": "UNKNOWN"
},
"title": "sm-crypto Affected by Signature Malleability in SM2-DSA"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-23967",
"datePublished": "2026-01-22T01:59:30.555Z",
"dateReserved": "2026-01-19T14:49:06.314Z",
"dateUpdated": "2026-01-22T16:03:58.987Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23992 (GCVE-0-2026-23992)
Vulnerability from cvelistv5 – Published: 2026-01-22 02:20 – Updated: 2026-01-22 15:21
VLAI
Title
go-tuf improperly validates the configured threshold for delegations
Summary
go-tuf is a Go implementation of The Update Framework (TUF). Starting in version 2.0.0 and prior to version 2.3.1, a compromised or misconfigured TUF repository can have the configured value of signature thresholds set to 0, which effectively disables signature verification. This can lead to unauthorized modification to TUF metadata files is possible at rest, or during transit as no integrity checks are made. Version 2.3.1 fixes the issue. As a workaround, always make sure that the TUF metadata roles are configured with a threshold of at least 1.
Severity
5.9 (Medium)
CWE
- CWE-347 - Improper Verification of Cryptographic Signature
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/theupdateframework/go-tuf/secu… | x_refsource_CONFIRM |
| https://github.com/theupdateframework/go-tuf/comm… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| theupdateframework | go-tuf |
Affected:
>= 2.0.0, < 2.3.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23992",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-22T15:21:00.989880Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-22T15:21:21.301Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "go-tuf",
"vendor": "theupdateframework",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.0.0, \u003c 2.3.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "go-tuf is a Go implementation of The Update Framework (TUF). Starting in version 2.0.0 and prior to version 2.3.1, a compromised or misconfigured TUF repository can have the configured value of signature thresholds set to 0, which effectively disables signature verification. This can lead to unauthorized modification to TUF metadata files is possible at rest, or during transit as no integrity checks are made. Version 2.3.1 fixes the issue. As a workaround, always make sure that the TUF metadata roles are configured with a threshold of at least 1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347: Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-22T02:20:06.845Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/theupdateframework/go-tuf/security/advisories/GHSA-fphv-w9fq-2525",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/theupdateframework/go-tuf/security/advisories/GHSA-fphv-w9fq-2525"
},
{
"name": "https://github.com/theupdateframework/go-tuf/commit/b38d91fdbc69dfe31fe9230d97dafe527ea854a0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/theupdateframework/go-tuf/commit/b38d91fdbc69dfe31fe9230d97dafe527ea854a0"
}
],
"source": {
"advisory": "GHSA-fphv-w9fq-2525",
"discovery": "UNKNOWN"
},
"title": "go-tuf improperly validates the configured threshold for delegations"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-23992",
"datePublished": "2026-01-22T02:20:06.845Z",
"dateReserved": "2026-01-19T18:49:20.657Z",
"dateUpdated": "2026-01-22T15:21:21.301Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24032 (GCVE-0-2026-24032)
Vulnerability from cvelistv5 – Published: 2026-04-14 08:40 – Updated: 2026-04-14 13:18
VLAI
Summary
A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3 with UMC). The affected application contains an authentication weakness due to insufficient validation of user identity in the UMC component.
This could allow an unauthenticated remote attacker to bypass authentication and gain unauthorized access to the application. (ZDI-CAN-27564)
Severity
CWE
- CWE-347 - Improper Verification of Cryptographic Signature
Assigner
References
1 reference
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24032",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-14T13:17:53.630013Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T13:18:01.056Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SINEC NMS",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.0 SP3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINEC NMS (All versions \u003c V4.0 SP3 with UMC). The affected application contains an authentication weakness due to insufficient validation of user identity in the UMC component.\r\nThis could allow an unauthenticated remote attacker to bypass authentication and gain unauthorized access to the application. (ZDI-CAN-27564)"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347: Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T08:40:39.853Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-801704.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2026-24032",
"datePublished": "2026-04-14T08:40:39.853Z",
"dateReserved": "2026-01-20T15:47:59.075Z",
"dateUpdated": "2026-04-14T13:18:01.056Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24807 (GCVE-0-2026-24807)
Vulnerability from cvelistv5 – Published: 2026-01-27 08:43 – Updated: 2026-05-06 16:58
VLAI
Title
Buffer Overflow Vulnerability in liuyueyi/quick-media
Summary
Improper Verification of Cryptographic Signature vulnerability in liuyueyi quick-media (plugins/svg-plugin/batik-codec-fix/src/main/java/org/apache/batik/ext/awt/image/codec/util modules). This vulnerability is associated with program files SeekableOutputStream.Java.
This issue affects quick-media: before v1.0.
Severity
CWE
- CWE-347 - Improper Verification of Cryptographic Signature
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/liuyueyi/quick-media/pull/123 | patch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| liuyueyi | quick-media |
Affected:
0 , < v1.0
(git)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24807",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-27T20:45:19.356416Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-27T20:45:28.314Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-05-06T16:58:44.740Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://github.com/liuyueyi/quick-media/pull/123#issuecomment-4305589308"
},
{
"url": "https://github.com/css4j/echosvg/discussions/137"
},
{
"url": "https://github.com/github/advisory-database/pull/7438"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/liuyueyi/quick-media",
"defaultStatus": "unaffected",
"modules": [
"plugins/svg-plugin/batik-codec-fix/src/main/java/org/apache/batik/ext/awt/image/codec/util"
],
"product": "quick-media",
"programFiles": [
"SeekableOutputStream.java"
],
"vendor": "liuyueyi",
"versions": [
{
"lessThan": "v1.0",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "TITAN Team (titancaproject@gmail.com)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Verification of Cryptographic Signature vulnerability in liuyueyi quick-media (plugins/svg-plugin/batik-codec-fix/src/main/java/org/apache/batik/ext/awt/image/codec/util modules).\u003cp\u003e This vulnerability is associated with program files \u003ctt\u003eSeekableOutputStream.Java\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eThis issue affects quick-media: before v1.0.\u003c/p\u003e"
}
],
"value": "Improper Verification of Cryptographic Signature vulnerability in liuyueyi quick-media (plugins/svg-plugin/batik-codec-fix/src/main/java/org/apache/batik/ext/awt/image/codec/util modules). This vulnerability is associated with program files SeekableOutputStream.Java.\n\nThis issue affects quick-media: before v1.0."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NEGLIGIBLE",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/S:N/AU:Y/R:U/V:C/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347 Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-27T08:43:51.077Z",
"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
"shortName": "GovTech CSG"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/liuyueyi/quick-media/pull/123"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Buffer Overflow Vulnerability in liuyueyi/quick-media",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
"assignerShortName": "GovTech CSG",
"cveId": "CVE-2026-24807",
"datePublished": "2026-01-27T08:43:51.077Z",
"dateReserved": "2026-01-27T08:39:10.281Z",
"dateUpdated": "2026-05-06T16:58:44.740Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24850 (GCVE-0-2026-24850)
Vulnerability from cvelistv5 – Published: 2026-01-28 00:24 – Updated: 2026-01-28 14:54
VLAI
Title
ML-DSA Signature Verification Accepts Signatures with Repeated Hint Indices
Summary
The ML-DSA crate is a Rust implementation of the Module-Lattice-Based Digital Signature Standard (ML-DSA). Starting in version 0.0.4 and prior to version 0.1.0-rc.4, the ML-DSA signature verification implementation in the RustCrypto `ml-dsa` crate incorrectly accepts signatures with repeated (duplicate) hint indices. According to the ML-DSA specification (FIPS 204 / RFC 9881), hint indices within each polynomial must be **strictly increasing**. The current implementation uses a non-strict monotonic check (`<=` instead of `<`), allowing duplicate indices. This is a regression bug. The original implementation was correct, but a commit in version 0.0.4 inadvertently changed the strict `<` comparison to `<=`, introducing the vulnerability. Version 0.1.0-rc.4 fixes the issue.
Severity
5.3 (Medium)
CWE
- CWE-347 - Improper Verification of Cryptographic Signature
Assigner
References
11 references
| URL | Tags |
|---|---|
| https://github.com/RustCrypto/signatures/security… | x_refsource_CONFIRM |
| https://github.com/RustCrypto/signatures/issues/894 | x_refsource_MISC |
| https://github.com/RustCrypto/signatures/pull/895 | x_refsource_MISC |
| https://github.com/RustCrypto/signatures/commit/4… | x_refsource_MISC |
| https://github.com/RustCrypto/signatures/commit/b… | x_refsource_MISC |
| https://csrc.nist.gov/pubs/fips/204/final | x_refsource_MISC |
| https://datatracker.ietf.org/doc/html/rfc9881 | x_refsource_MISC |
| https://github.com/C2SP/wycheproof | x_refsource_MISC |
| https://github.com/C2SP/wycheproof/blob/master/te… | x_refsource_MISC |
| https://github.com/C2SP/wycheproof/blob/master/te… | x_refsource_MISC |
| https://github.com/C2SP/wycheproof/blob/master/te… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| RustCrypto | signatures |
Affected:
>= 0.0.4, < 0.1.0-rc.4
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24850",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-28T14:53:25.394412Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-28T14:54:22.827Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "signatures",
"vendor": "RustCrypto",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.0.4, \u003c 0.1.0-rc.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The ML-DSA crate is a Rust implementation of the Module-Lattice-Based Digital Signature Standard (ML-DSA). Starting in version 0.0.4 and prior to version 0.1.0-rc.4, the ML-DSA signature verification implementation in the RustCrypto `ml-dsa` crate incorrectly accepts signatures with repeated (duplicate) hint indices. According to the ML-DSA specification (FIPS 204 / RFC 9881), hint indices within each polynomial must be **strictly increasing**. The current implementation uses a non-strict monotonic check (`\u003c=` instead of `\u003c`), allowing duplicate indices. This is a regression bug. The original implementation was correct, but a commit in version 0.0.4 inadvertently changed the strict `\u003c` comparison to `\u003c=`, introducing the vulnerability. Version 0.1.0-rc.4 fixes the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347: Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-28T00:24:53.146Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/RustCrypto/signatures/security/advisories/GHSA-5x2r-hc65-25f9",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/RustCrypto/signatures/security/advisories/GHSA-5x2r-hc65-25f9"
},
{
"name": "https://github.com/RustCrypto/signatures/issues/894",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/RustCrypto/signatures/issues/894"
},
{
"name": "https://github.com/RustCrypto/signatures/pull/895",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/RustCrypto/signatures/pull/895"
},
{
"name": "https://github.com/RustCrypto/signatures/commit/400961412be2e2ab787942cf30e0a9b66b37a54a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/RustCrypto/signatures/commit/400961412be2e2ab787942cf30e0a9b66b37a54a"
},
{
"name": "https://github.com/RustCrypto/signatures/commit/b01c3b73dd08d0094e089aa234f78b6089ec1f38",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/RustCrypto/signatures/commit/b01c3b73dd08d0094e089aa234f78b6089ec1f38"
},
{
"name": "https://csrc.nist.gov/pubs/fips/204/final",
"tags": [
"x_refsource_MISC"
],
"url": "https://csrc.nist.gov/pubs/fips/204/final"
},
{
"name": "https://datatracker.ietf.org/doc/html/rfc9881",
"tags": [
"x_refsource_MISC"
],
"url": "https://datatracker.ietf.org/doc/html/rfc9881"
},
{
"name": "https://github.com/C2SP/wycheproof",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/C2SP/wycheproof"
},
{
"name": "https://github.com/C2SP/wycheproof/blob/master/testvectors_v1/mldsa_44_verify_test.json",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/C2SP/wycheproof/blob/master/testvectors_v1/mldsa_44_verify_test.json"
},
{
"name": "https://github.com/C2SP/wycheproof/blob/master/testvectors_v1/mldsa_65_verify_test.json",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/C2SP/wycheproof/blob/master/testvectors_v1/mldsa_65_verify_test.json"
},
{
"name": "https://github.com/C2SP/wycheproof/blob/master/testvectors_v1/mldsa_87_verify_test.json",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/C2SP/wycheproof/blob/master/testvectors_v1/mldsa_87_verify_test.json"
}
],
"source": {
"advisory": "GHSA-5x2r-hc65-25f9",
"discovery": "UNKNOWN"
},
"title": "ML-DSA Signature Verification Accepts Signatures with Repeated Hint Indices"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-24850",
"datePublished": "2026-01-28T00:24:53.146Z",
"dateReserved": "2026-01-27T14:51:03.060Z",
"dateUpdated": "2026-01-28T14:54:22.827Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
No mitigation information available for this CWE.
CAPEC-463: Padding Oracle Crypto Attack
An adversary is able to efficiently decrypt data without knowing the decryption key if a target system leaks data on whether or not a padding error happened while decrypting the ciphertext. A target system that leaks this type of information becomes the padding oracle and an adversary is able to make use of that oracle to efficiently decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). In addition to performing decryption, an adversary is also able to produce valid ciphertexts (i.e., perform encryption) by using the padding oracle, all without knowing the encryption key.
CAPEC-475: Signature Spoofing by Improper Validation
An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.