PT-2026-20785 · Unknown+1 · Filippo.Io/Edwards25519+2

Shaharcohen1

·

Published

2026-02-17

·

Updated

2026-04-30

·

CVE-2026-26958

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions filippo.io/edwards25519 versions 1.1.0 and earlier
Description The filippo.io/edwards25519 Go library, used for edwards25519 elliptic curve cryptography, has an issue where the MultiScalarMult function produces incorrect results or undefined behavior when called with an improperly initialized point. Specifically, if (*Point).MultiScalarMult is invoked on a point that is not the identity point, an incorrect result is returned. If called on an uninitialized point, the behavior is undefined, potentially returning an invalid point that compares equal to all other points. This function is considered a rarely used, advanced API. Users relying on filippo.io/edwards25519 through github.com/go-sql-driver/mysql are not affected.
Recommendations Upgrade to version 1.1.1 or later to resolve this issue. If you are using the MultiScalarMult function, ensure the receiver is properly initialized to the identity point before calling the function.

Exploit

Fix

Improper Initialization

Weakness Enumeration

CWE-665

Related Identifiers

AZL-78123
AZL-78216
BDU:2026-05703
CLEANSTART-2026-AC65885
CLEANSTART-2026-AL68245
CLEANSTART-2026-AM88528
CLEANSTART-2026-AN01004
CLEANSTART-2026-AR20742
CLEANSTART-2026-AT91215
CLEANSTART-2026-BB70412
CLEANSTART-2026-BK17545
CLEANSTART-2026-BT99405
CLEANSTART-2026-BY85815
CLEANSTART-2026-CY45415
CLEANSTART-2026-DI15427
CLEANSTART-2026-DK61762
CLEANSTART-2026-DN20646
CLEANSTART-2026-DQ17669
CLEANSTART-2026-FR97108
CLEANSTART-2026-FX27781
CLEANSTART-2026-GK29346
CLEANSTART-2026-GM09342
CLEANSTART-2026-HF45264
CLEANSTART-2026-HK06185
CLEANSTART-2026-HM40094
CLEANSTART-2026-HQ88036
CLEANSTART-2026-HX97842
CLEANSTART-2026-IR69938
CLEANSTART-2026-IX47217
CLEANSTART-2026-JF28061
CLEANSTART-2026-JK59495
CLEANSTART-2026-KT28044
CLEANSTART-2026-LD15132
CLEANSTART-2026-LP76319
CLEANSTART-2026-LS00044
CLEANSTART-2026-LS30652
CLEANSTART-2026-MK01488
CLEANSTART-2026-ML41879
CLEANSTART-2026-MS81166
CLEANSTART-2026-MU81308
CLEANSTART-2026-MW73882
CLEANSTART-2026-NV36169
CLEANSTART-2026-OP90222
CLEANSTART-2026-OW78143
CLEANSTART-2026-PJ76318
CLEANSTART-2026-PW57640
CLEANSTART-2026-PZ85180
CLEANSTART-2026-RI97043
CLEANSTART-2026-SR26977
CLEANSTART-2026-SY28275
CLEANSTART-2026-TN07413
CLEANSTART-2026-TZ92532
CLEANSTART-2026-UZ17701
CLEANSTART-2026-VI68146
CLEANSTART-2026-VJ56922
CLEANSTART-2026-VL19675
CLEANSTART-2026-VY24921
CLEANSTART-2026-VZ35122
CLEANSTART-2026-WB12909
CLEANSTART-2026-WB89098
CVE-2026-26958
GHSA-FW7P-63QQ-7HPR
GO-2026-4503
OPENSUSE-SU-2026:10235-1
OPENSUSE-SU-2026:10601-1
OPENSUSE-SU-2026:10618-1
OPENSUSE-SU-2026:20386-1
OPENSUSE-SU-2026:20752-1
SUSE-SU-2026:0757-1
SUSE-SU-2026:0777-1
SUSE-SU-2026:1524-1
SUSE-SU-2026:20904-1

Affected Products

Red Os
Filippo.Io/Edwards25519
Github.Com/Go-Sql-Driver/Mysql