CVE-2026-24850

MEDIUM · CVSS 3.1: 5.3 · EPSS 21.5%
Published Jan 28, 2026 (5mo ago) · Modified Jun 17, 2026 (2w ago)

Description

The ML-DSA crate is a Rust implementation of the Module-Lattice-Based Digital Signature Standard (ML-DSA). Starting in version 0.0.4 and prior to version 0.1.0-rc.4, the ML-DSA signature verification implementation in the RustCrypto `ml-dsa` crate incorrectly accepts signatures with repeated (duplicate) hint indices. According to the ML-DSA specification (FIPS 204 / RFC 9881), hint indices within each polynomial must be **strictly increasing**. The current implementation uses a non-strict monotonic check (`<=` instead of `<`), allowing duplicate indices. This is a regression bug. The original implementation was correct, but a commit in version 0.0.4 inadvertently changed the strict `<` comparison to `<=`, introducing the vulnerability. Version 0.1.0-rc.4 fixes the issue.
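The difference between the two comparisons, as an added example that is not the `ml-dsa` crate's code. It follows the packed hint layout read by the FIPS 204 HintBitUnpack routine (ω index bytes followed by k cumulative counts) with the ML-DSA-44 parameters; the `strict` flag and the `sample_hint` helper are hypothetical names used only for this illustration.

```rust
// Added illustration of FIPS 204 hint unpacking; not the ml-dsa crate's code.
const K: usize = 4; // ML-DSA-44: polynomials in the hint vector
const OMEGA: usize = 80; // ML-DSA-44: maximum number of set hint bits
const N: usize = 256; // coefficients per polynomial

/// Decode a packed hint of OMEGA + K bytes. `strict = true` is the check the
/// standard requires; `strict = false` models the regression (duplicates accepted).
fn hint_bit_unpack(y: &[u8], strict: bool) -> Option<Vec<[bool; N]>> {
    if y.len() != OMEGA + K {
        return None;
    }
    let mut h = vec![[false; N]; K];
    let mut index = 0usize;
    for i in 0..K {
        let end = y[OMEGA + i] as usize; // cumulative index count through polynomial i
        if end < index || end > OMEGA {
            return None;
        }
        for j in index..end {
            // The first index of a polynomial has no predecessor to compare against.
            let ordered = j == index || if strict { y[j - 1] < y[j] } else { y[j - 1] <= y[j] };
            if !ordered {
                return None;
            }
            h[i][y[j] as usize] = true;
        }
        index = end;
    }
    // Unused index slots must be zero so each hint has exactly one encoding.
    if y[index..OMEGA].iter().any(|&b| b != 0) {
        return None;
    }
    Some(h)
}

/// Constructed sample: polynomial 0 lists `indices`, the other polynomials are empty.
fn sample_hint(indices: &[u8]) -> Vec<u8> {
    let mut y = vec![0u8; OMEGA + K];
    y[..indices.len()].copy_from_slice(indices);
    y[OMEGA..].fill(indices.len() as u8);
    y
}

fn main() {
    let dup = sample_hint(&[5, 5, 9]); // duplicate index 5
    println!("strict accepts: {}", hint_bit_unpack(&dup, true).is_some());
    println!("non-strict accepts: {}", hint_bit_unpack(&dup, false).is_some());
}
```

The Wycheproof verify vectors listed under References are the natural regression test for a real implementation.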

CVSS Details

Base Score: 5.3
Exploitability: 3.9
Impact: 1.4
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: Low
Availability: None

Threat Intelligence

EPSS Exploit Probability: 21.5% percentile
Exploit & Patch Status: No Known Exploit; No Patch Available

Weaknesses 1

CWE-347

References 11

  • csrc.nist.gov https://csrc.nist.gov/pubs/fips/204/final
  • datatracker.ietf.org https://datatracker.ietf.org/doc/html/rfc9881
  • github.com https://github.com/C2SP/wycheproof
  • github.com https://github.com/C2SP/wycheproof/blob/master/testvectors_v1/mldsa_44_verify_test.json
  • github.com https://github.com/C2SP/wycheproof/blob/master/testvectors_v1/mldsa_65_verify_test.json
  • github.com https://github.com/C2SP/wycheproof/blob/master/testvectors_v1/mldsa_87_verify_test.json
  • github.com https://github.com/RustCrypto/signatures/commit/400961412be2e2ab787942cf30e0a9b66b37a54a
  • github.com https://github.com/RustCrypto/signatures/commit/b01c3b73dd08d0094e089aa234f78b6089ec1f38
  • github.com https://github.com/RustCrypto/signatures/issues/894
  • github.com https://github.com/RustCrypto/signatures/pull/895
  • github.com https://github.com/RustCrypto/signatures/security/advisories/GHSA-5x2r-hc65-25f9

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.