Skip to main content

CVE-2026-24850

MEDIUM
Improper Verification of Cryptographic Signature (CWE-347)
2026-01-28 security-advisories@github.com GHSA-5x2r-hc65-25f9
5.3
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

3
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
CVE Published
Jan 28, 2026 - 01:16 nvd
MEDIUM 5.3

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 4 cargo packages depend on ml-dsa (3 direct, 1 indirect)

Ecosystem-wide dependent count for version 0.0.4.

DescriptionGitHub Advisory

The ML-DSA crate is a Rust implementation of the Module-Lattice-Based Digital Signature Standard (ML-DSA). Starting in version 0.0.4 and prior to version 0.1.0-rc.4, the ML-DSA signature verification implementation in the RustCrypto ml-dsa crate incorrectly accepts signatures with repeated (duplicate) hint indices. According to the ML-DSA specification (FIPS 204 / RFC 9881), hint indices within each polynomial must be strictly increasing. The current implementation uses a non-strict monotonic check (<= instead of <), allowing duplicate indices. This is a regression bug. The original implementation was correct, but a commit in version 0.0.4 inadvertently changed the strict < comparison to <=, introducing the vulnerability. Version 0.1.0-rc.4 fixes the issue.

AnalysisAI

The RustCrypto ml-dsa crate versions 0.0.4 through 0.1.0-rc.3 incorrectly validate ML-DSA digital signatures by accepting duplicate hint indices that should be strictly increasing per the FIPS 204 specification, allowing attackers to forge valid signatures that should be rejected. This regression was introduced by a comparison operator change in version 0.0.4 and affects any application relying on this crate for signature verification. A patch is available in version 0.1.0-rc.4.

Technical ContextAI

This vulnerability (CWE-347: Improper Verification of Cryptographic Signature) affects Starting in version 0.0.4 and. The ML-DSA crate is a Rust implementation of the Module-Lattice-Based Digital Signature Standard (ML-DSA). Starting in version 0.0.4 and prior to version 0.1.0-rc.4, the ML-DSA signature verification implementation in the RustCrypto ml-dsa crate incorrectly accepts signatures with repeated (duplicate) hint indices. According to the ML-DSA specification (FIPS 204 / RFC 9881), hint indices within each polynomial must be strictly increasing. The current implementation uses a non-strict monoto

Affected ProductsAI

Product: Starting in version 0.0.4 and. Versions: up to 0.1.0.

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

Share

CVE-2026-24850 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy