Reported

February 5, 2026

Issued

February 25, 2026

Package

libcrux-ed25519 (crates.io)

Type

Vulnerability

Aliases

• GHSA-435g-fcv3-8j26

References

• https://github.com/cryspen/libcrux/pull/1320

CVSS Score

0 NONE

CVSS Details

Attack Complexity

Low

Attack Requirements

None

Attack Vector

Network

Privileges Required

None

Availability Impact to the Subsequent System

None

Confidentiality Impact to the Subsequent System

None

Integrity Impact to the Subsequent System

None

User Interaction

None

Availability Impact to the Vulnerable System

None

Confidentiality Impact to the Vulnerable System

None

Integrity Impact to the Vulnerable System

None

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N

Patched

• >=0.0.6

Affected Functions

Version

libcrux_ed25519::generate_key_pair

• <=0.0.5

Description

The latest releases of the libcrux-ed25519 crate contains the following bug-fix:

#1320: Remove duplicated clamping step during key generation

The issue fixed in #1320 was first reported by Nadim Kobeissi.

Advisory available under CC0-1.0 license.