PT-2026-20648 · Blst · Blst

Osidb Bzimport · Published 2026-02-19 · Updated 2026-02-19 · CVE-2026-2681

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions: blst (affected versions not specified)

Description: A flaw exists in the blst cryptographic library. This out-of-bounds stack write vulnerability is located in the blst_sha256_bcopy assembly routine and is caused by a missing zero-length guard. An attacker can exploit this by providing a zero-length salt parameter to key generation functions, such as blst_keygen_v5(), if the application exposes this functionality. Successful exploitation results in memory corruption and process termination, leading to a denial-of-service (DoS) condition.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Memory Corruption

Weakness Enumeration

Related Identifiers: CVE-2026-2681

Affected Products: Blst