{"id":"GO-2026-4503","summary":"Invalid result or undefined behavior in filippo.io/edwards25519","details":"Previously, if MultiScalarMult was invoked on an initialized point who was not the identity point, MultiScalarMult produced an incorrect result. If called on an uninitialized point, MultiScalarMult exhibited undefined behavior.","aliases":["CVE-2026-26958","GHSA-fw7p-63qq-7hpr"],"modified":"2026-02-19T20:41:24.219467Z","published":"2026-02-17T21:58:22Z","related":["CGA-2p5w-8865-7rch"],"database_specific":{"review_status":"REVIEWED","url":"https://pkg.go.dev/vuln/GO-2026-4503"},"references":[{"type":"ADVISORY","url":"https://github.com/FiloSottile/edwards25519/security/advisories/GHSA-fw7p-63qq-7hpr"},{"type":"FIX","url":"https://github.com/FiloSottile/edwards25519/commit/d1c650afb95fad0742b98d95f2eb2cf031393abb"}],"affected":[{"package":{"name":"filippo.io/edwards25519","ecosystem":"Go","purl":"pkg:golang/filippo.io/edwards25519"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.1.1"}]}],"ecosystem_specific":{"imports":[{"symbols":["Point.MultiScalarMult"],"path":"filippo.io/edwards25519"}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2026-4503.json"}}],"schema_version":"1.7.3","credits":[{"name":"shaharcohen1"},{"name":"WeebDataHoarder"}]}