CVE-2026-26958

filippo.io/edwards25519 MultiScalarMult function produces invalid results or undefined behavior if receiver is not the identity

Description

filippo.io/edwards25519 is a Go library implementing the edwards25519 elliptic curve with APIs for building cryptographic primitives. In versions 1.1.0 and earlier, MultiScalarMult produces invalid results or undefined behavior if the receiver is not the identity point. If (*Point).MultiScalarMult is called on an initialized point that is not the identity point, it returns an incorrect result. If the method is called on an uninitialized point, the behavior is undefined. In particular, if the receiver is the zero value, MultiScalarMult returns an invalid point that compares Equal to every other point. Note that MultiScalarMult is a rarely used, advanced API. For example, users who depend on filippo.io/edwards25519 only through github.com/go-sql-driver/mysql are not affected. This issue has been fixed in version 1.1.1.

INFO

Published Date :

2026-02-19T23:01:26.923Z

Last Modified :

2026-02-20T15:39:04.748Z

Source :

GitHub_M

AFFECTED PRODUCTS

The following products are affected by CVE-2026-26958 vulnerability.

Vendors	Products
Filosottile	Filippo.io/edwards25519

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-26958.

URL	Resource
https://github.com/FiloSottile/edwards25519/commit/d1c650afb95fad0742b98d95f2eb2cf031393abb
https://github.com/FiloSottile/edwards25519/releases/tag/v1.1.1
https://github.com/FiloSottile/edwards25519/security/advisories/GHSA-fw7p-63qq-7hpr
https://nvd.nist.gov/vuln/detail/CVE-2026-26958
https://www.cve.org/CVERecord?id=CVE-2026-26958