CVE-2026-40323
Soundness Vulnerability in SP1 V6 Verifier Enables Proof Forgery
Publication date: 2026-04-18
Last updated on: 2026-04-18
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| succinctlabs | sp1 | From 6.0.0 (inc) to 6.0.2 (inc) |
| succinctlabs | sp1 | 6.1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-345 | The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data. |
| CWE-354 | The product does not validate or incorrectly validates the integrity check values or "checksums" of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in SP1, a zero-knowledge virtual machine for RISC-V programs, specifically in versions 6.0.0 through 6.0.2. It is a soundness vulnerability in the SP1 V6 recursive shard verifier that allows a malicious prover to create a recursive proof from a shard proof that the native verifier would normally reject. This means the system can be tricked into accepting invalid proofs.
How can this vulnerability impact me? :
The vulnerability can impact you by allowing an attacker to submit invalid proofs that the system incorrectly accepts as valid. This undermines the integrity and trustworthiness of the verification process in SP1, potentially leading to incorrect program execution validation and security breaches.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, upgrade SP1 to version 6.1.0 or later, as this version fixes the soundness issue in the SP1 V6 recursive shard verifier.