CVE-2026-32614
Status: Awaiting Analysis - Queue
Infinity-Point Ciphertext Forgery in Go ShangMi SM9 Decryption

Publication date: 2026-03-16

Last updated on: 2026-03-16

Assigner: GitHub, Inc.

Description
Go ShangMi (Commercial Cryptography) Library (GMSM) is a cryptographic library that covers the Chinese commercial cryptographic public algorithms SM2/SM3/SM4/SM9/ZUC. Prior to 0.41.1, the current SM9 decryption implementation contains an infinity-point ciphertext forgery vulnerability. The root cause is that, during decryption, the elliptic-curve point C1 in the ciphertext is only deserialized and checked to be on the curve, but the implementation does not explicitly reject the point at infinity. In the current implementation, an attacker can construct C1 as the point at infinity, causing the bilinear pairing result to degenerate into the identity element in the GT group. As a result, a critical part of the key derivation input becomes a predictable constant. An attacker who only knows the target user's UID can derive the decryption key material and then forge a ciphertext that passes the integrity check. This vulnerability is fixed in 0.41.1.
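The defect described above is a validation gap, not a curve-arithmetic bug: a projective on-curve check is satisfied by the identity, so decryption must reject it explicitly. The following Go snippet is an added illustration (not code from GMSM) on a constructed toy curve over GF(97) in Jacobian coordinates; it shows the on-curve check accepting (1:1:0), the naive validation pattern letting it through, and the strict check that a fixed decryption path needs.

```go
package main

import (
	"errors"
	"fmt"
)

// Toy short-Weierstrass curve y^2 = x^3 + a*x + b over GF(p), constructed
// for illustration only; real SM9 uses a 256-bit BN curve.
const p, a, b uint64 = 97, 2, 3

// JacobianPoint is (X:Y:Z) with affine x = X/Z^2, y = Y/Z^3; Z == 0 is infinity.
type JacobianPoint struct{ X, Y, Z uint64 }

func mul(x, y uint64) uint64 { return (x * y) % p }
func add(x, y uint64) uint64 { return (x + y) % p }

// IsOnCurve checks Y^2 == X^3 + a*X*Z^4 + b*Z^6 (mod p). The identity
// (1:1:0) satisfies this equation, so the check alone never rejects it.
func IsOnCurve(pt JacobianPoint) bool {
	z2, x2 := mul(pt.Z, pt.Z), mul(pt.X, pt.X)
	z4 := mul(z2, z2)
	rhs := add(add(mul(x2, pt.X), mul(a, mul(pt.X, z4))), mul(b, mul(z4, z2)))
	return mul(pt.Y, pt.Y) == rhs
}

// ValidateC1Naive mirrors the flawed pattern: deserialize, on-curve check, done.
func ValidateC1Naive(pt JacobianPoint) error {
	if !IsOnCurve(pt) {
		return errors.New("C1 is not on the curve")
	}
	return nil
}

// ValidateC1Strict also rejects the identity; with C1 = O the pairing
// e(C1, .) would be the identity of GT and the derived key a constant.
func ValidateC1Strict(pt JacobianPoint) error {
	if err := ValidateC1Naive(pt); err != nil {
		return err
	}
	if pt.Z == 0 {
		return errors.New("C1 is the point at infinity")
	}
	return nil
}

func main() {
	inf := JacobianPoint{X: 1, Y: 1, Z: 0} // the malformed C1 the advisory describes
	fmt.Println("naive:", ValidateC1Naive(inf), "| strict:", ValidateC1Strict(inf))
}
```

The same rule applies to any pairing-based scheme: every deserialized group element that feeds a pairing should be checked for the identity, not only for curve membership.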
Meta Information
Published: 2026-03-16
Last Modified: 2026-03-16
Generated: 2026-05-06
AI Q&A: 2026-03-16
EPSS Evaluated: 2026-05-05
Affected Vendors & Products (1 associated CPE)
Vendor: go_shangmi
Product: gmsm
Version / Range: up to 0.41.1 (exclusive)
CWE
CWE-347: The product does not verify, or incorrectly verifies, the cryptographic signature for data.
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?

The vulnerability is fixed in version 0.41.1 of the Go ShangMi (GMSM) Library. To mitigate this vulnerability, you should upgrade the GMSM library to version 0.41.1 or later.


Can you explain this vulnerability to me?

The vulnerability exists in the Go ShangMi (GMSM) cryptographic library's SM9 decryption implementation prior to version 0.41.1. During decryption, the elliptic-curve point C1 in the ciphertext is checked to be on the curve but the implementation does not explicitly reject the point at infinity. An attacker can exploit this by constructing C1 as the point at infinity, causing the bilinear pairing result to become a predictable constant. This allows the attacker, knowing only the target user's UID, to derive the decryption key material and forge a ciphertext that passes integrity checks.


How can this vulnerability impact me?

This vulnerability can allow an attacker to forge ciphertexts that appear valid and pass integrity checks without having proper authorization. Since the attacker can derive key material using only the target user's UID, it compromises the integrity of encrypted communications or data protected by the SM9 scheme in the GMSM library. This could lead to unauthorized data manipulation or impersonation attacks.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know

