CVE-2026-40323

Name of the Vulnerable Software and Affected Versions SP1 versions 6.0.0 through 6.0.2

Description SP1 is a zero-knowledge virtual machine that proves the correct execution of programs compiled for the RISC-V architecture. A soundness issue exists in the SP1 V6 recursive shard verifier, which allows a malicious prover to construct a recursive proof from a shard proof that the native verifier would reject. The problem stems from a missing consistency check in the recursion sub-circuit describing the jagged PCS verifier between two witnesses: the vector of row counts used for commitment binding and the prefix sums used for polynomial evaluation. This allows a prover to supply different trace shapes for commitment and evaluation. This affects both main trace and preprocessed trace metadata, potentially leading to the misrepresentation of the circuit itself, as preprocessed traces encode circuit structure such as selectors, fixed columns, and permutation layout.

Recommendations Update to version 6.1.0.