CVE-2026-24850

Name of the Vulnerable Software and Affected Versions ML-DSA crate versions 0.0.4 through 0.1.0-rc.4

Description The ML-DSA crate, a Rust implementation of the Module-Lattice-Based Digital Signature Standard (ML-DSA), contains a flaw in its signature verification implementation. Versions starting from 0.0.4 and before 0.1.0-rc.4 incorrectly accept signatures with repeated hint indices. The ML-DSA specification requires hint indices within each polynomial to be strictly increasing, but the implementation uses a non-strict monotonic check, allowing duplicate indices. This is a regression introduced by a change from a strict comparison (<) to a non-strict comparison (<=) in version 0.0.4.

Recommendations Update to version 0.1.0-rc.4 or later.