CVE-2026-26958
Received Received - Intake
Incorrect MultiScalarMult Results in filippo.io/edwards25519 v1.1.0 and Earlier

Publication date: 2026-02-19

Last updated on: 2026-02-19

Assigner: GitHub, Inc.

Description
filippo.io/edwards25519 is a Go library implementing the edwards25519 elliptic curve with APIs for building cryptographic primitives. In versions 1.1.0 and earlier, MultiScalarMult produces invalid results or undefined behavior if the receiver is not the identity point. If (*Point).MultiScalarMult is called on an initialized point that is not the identity point, it returns an incorrect result. If the method is called on an uninitialized point, the behavior is undefined. In particular, if the receiver is the zero value, MultiScalarMult returns an invalid point that compares Equal to every other point. Note that MultiScalarMult is a rarely used, advanced API. For example, users who depend on filippo.io/edwards25519 only through github.com/go-sql-driver/mysql are not affected. This issue has been fixed in version 1.1.1.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-19
Last Modified
2026-02-19
Generated
2026-05-07
AI Q&A
2026-02-20
EPSS Evaluated
2026-05-05
NVD
CVE-2026-26958
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
filippo edwards25519 to 1.1.1 (exc)
filippo edwards25519 1.1.1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-665 The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

The vulnerability exists in the filippo.io/edwards25519 Go library, which implements the edwards25519 elliptic curve for cryptographic operations. In versions 1.1.0 and earlier, the MultiScalarMult function produces invalid results or undefined behavior when called on a point that is not the identity point. Specifically, if MultiScalarMult is called on an initialized point other than the identity, it returns incorrect results. If called on an uninitialized point (such as the zero value), it returns an invalid point that compares equal to every other point. This is a flaw in the advanced, rarely used API.


How can this vulnerability impact me? :

This vulnerability can lead to incorrect cryptographic computations when using the MultiScalarMult function on non-identity points, potentially causing cryptographic operations to fail or behave unpredictably. However, since MultiScalarMult is a rarely used advanced API, many users, including those who use the library indirectly through github.com/go-sql-driver/mysql, are not affected. The impact is limited to scenarios where this specific function is used improperly or on uninitialized points.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, upgrade the filippo.io/edwards25519 Go library to version 1.1.1 or later, where the issue with MultiScalarMult has been fixed.

If you are using the library only through github.com/go-sql-driver/mysql, you are not affected by this vulnerability.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart