CVE-2026-22705
MEDIUMSeverity by source
AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
3DescriptionGitHub Advisory
RustCrypto: Signatures offers support for digital signatures, which provide authentication of data using public-key cryptography. Prior to version 0.1.0-rc.2, a timing side-channel was discovered in the Decompose algorithm which is used during ML-DSA signing to generate hints for the signature. This issue has been patched in version 0.1.0-rc.2.
AnalysisAI
which provide authentication of data using public-key cryptography. versions up to 0.1.0 contains a security vulnerability (CVSS 6.4).
Technical ContextAI
affects which provide authentication of data using public-key cryptography.. RustCrypto: Signatures offers support for digital signatures, which provide authentication of data using public-key cryptography. Prior to version 0.1.0-rc.2, a timing side-channel was discovered in the Decompose algorithm which is used during ML-DSA signing to generate hints for the signature. This issue has been patched in version 0.1.0-rc.2.
Affected ProductsAI
Product: which provide authentication of data using public-key cryptography.. Versions: up to 0.1.0.
RemediationAI
Fixed in version 0.1.0.
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
GHSA-hcp2-x6j4-29j7