CVE-2026-26958
Received Received - Intake

Incorrect MultiScalarMult Results in filippo.io/edwards25519 v1.1.0 and Earlier

Vulnerability report for CVE-2026-26958, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-02-19

Last updated on: 2026-02-19

Assigner: GitHub, Inc.

Description

filippo.io/edwards25519 is a Go library implementing the edwards25519 elliptic curve with APIs for building cryptographic primitives. In versions 1.1.0 and earlier, MultiScalarMult produces invalid results or undefined behavior if the receiver is not the identity point. If (*Point).MultiScalarMult is called on an initialized point that is not the identity point, it returns an incorrect result. If the method is called on an uninitialized point, the behavior is undefined. In particular, if the receiver is the zero value, MultiScalarMult returns an invalid point that compares Equal to every other point. Note that MultiScalarMult is a rarely used, advanced API. For example, users who depend on filippo.io/edwards25519 only through github.com/go-sql-driver/mysql are not affected. This issue has been fixed in version 1.1.1.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-02-19
Last Modified
2026-02-19
Generated
2026-07-06
AI Q&A
2026-02-20
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
filippo edwards25519 to 1.1.1 (exc)
filippo edwards25519 1.1.1

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-665 The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

To mitigate this vulnerability, upgrade the filippo.io/edwards25519 Go library to version 1.1.1 or later, where the issue with MultiScalarMult has been fixed.

If you are using the library only through github.com/go-sql-driver/mysql, you are not affected by this vulnerability.

Executive Summary

The vulnerability exists in the filippo.io/edwards25519 Go library, which implements the edwards25519 elliptic curve for cryptographic operations. In versions 1.1.0 and earlier, the MultiScalarMult function produces invalid results or undefined behavior when called on a point that is not the identity point. Specifically, if MultiScalarMult is called on an initialized point other than the identity, it returns incorrect results. If called on an uninitialized point (such as the zero value), it returns an invalid point that compares equal to every other point. This is a flaw in the advanced, rarely used API.

Impact Analysis

This vulnerability can lead to incorrect cryptographic computations when using the MultiScalarMult function on non-identity points, potentially causing cryptographic operations to fail or behave unpredictably. However, since MultiScalarMult is a rarely used advanced API, many users, including those who use the library indirectly through github.com/go-sql-driver/mysql, are not affected. The impact is limited to scenarios where this specific function is used improperly or on uninitialized points.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-26958. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart