
RUSTSEC-2026-0125

Signature Verification on AVX2 Platforms Mishandles Edge Case

Reported
Issued
Package: libcrux-ml-dsa (crates.io)
Type: Vulnerability
References
CVSS Score: 8.2 HIGH
CVSS Details
  • Attack Vector: Network
  • Attack Complexity: Low
  • Attack Requirements: Present
  • Privileges Required: None
  • User Interaction: None
  • Confidentiality Impact to the Vulnerable System: None
  • Integrity Impact to the Vulnerable System: High
  • Availability Impact to the Vulnerable System: None
  • Confidentiality Impact to the Subsequent System: None
  • Integrity Impact to the Subsequent System: None
  • Availability Impact to the Subsequent System: None
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Patched
  • >=0.0.9
Affected Architectures
  • x86_64

Description

The AVX2 implementation of ML-DSA signature verification implemented the use_hint function incorrectly, mishandling an edge case in which the signature should be rejected.

Impact

An attacker could make the ML-DSA verifier accept a crafted invalid signature under a maliciously generated verification key, if the AVX2 implementation is used.

Mitigation

From version 0.0.9 on, the edge case is handled correctly and such invalid signatures are rejected.
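As an added example (not libcrux's code), the scalar FIPS 204 Decompose/MakeHint/UseHint written as an oracle for differential-testing a vectorised use_hint over every coefficient value. The advisory does not say which edge case was mishandled; the wrap of r1 modulo m exercised here is an assumed boundary that any such oracle has to cover, and the faulty candidate in the test is constructed, not the actual bug.

```rust
// FIPS 204 scalar Decompose / MakeHint / UseHint (Algorithms 36, 39, 40),
// written here as an oracle to differential-test a vectorised use_hint.
// Added example, not libcrux code. The advisory does not name the edge
// case; the wrap of r1 modulo m is an assumed boundary the oracle covers.
const Q: i64 = 8_380_417;
pub const GAMMA2_44: i64 = (Q - 1) / 88;    // ML-DSA-44:    m = 44
pub const GAMMA2_65_87: i64 = (Q - 1) / 32; // ML-DSA-65/87: m = 16

/// Centered reduction r mod± alpha into (-alpha/2, alpha/2].
fn mod_pm(r: i64, alpha: i64) -> i64 {
    let t = r.rem_euclid(alpha);
    if t > alpha / 2 { t - alpha } else { t }
}

/// r = r1 * 2*gamma2 + r0, with the r+ - r0 == q - 1 special case (r1 = 0).
pub fn decompose(r: i64, gamma2: i64) -> (i64, i64) {
    let rp = r.rem_euclid(Q);
    let r0 = mod_pm(rp, 2 * gamma2);
    if rp - r0 == Q - 1 { (0, r0 - 1) } else { ((rp - r0) / (2 * gamma2), r0) }
}

pub fn high_bits(r: i64, gamma2: i64) -> i64 { decompose(r, gamma2).0 }

/// Hint bit: does adding z change the high bits of r?
pub fn make_hint(z: i64, r: i64, gamma2: i64) -> bool {
    high_bits(r, gamma2) != high_bits(r + z, gamma2)
}

/// Recover HighBits(r + z) from r and the hint bit; r1 wraps modulo m.
pub fn use_hint(h: bool, r: i64, gamma2: i64) -> i64 {
    let m = (Q - 1) / (2 * gamma2);
    let (r1, r0) = decompose(r, gamma2);
    if !h { r1 } else if r0 > 0 { (r1 + 1).rem_euclid(m) } else { (r1 - 1).rem_euclid(m) }
}

/// Property the verifier relies on (|z| <= gamma2): UseHint(MakeHint(z, r), r) == HighBits(r + z).
pub fn hint_roundtrip(z: i64, r: i64, gamma2: i64) -> bool {
    use_hint(make_hint(z, r, gamma2), r, gamma2) == high_bits(r + z, gamma2)
}

/// Compare a candidate use_hint against the oracle for every coefficient in
/// [0, q) and both hint values; returns the first (r, h) that disagrees.
pub fn first_mismatch(cand: &dyn Fn(bool, i64, i64) -> i64, gamma2: i64) -> Option<(i64, bool)> {
    for r in 0..Q {
        for h in [false, true] {
            if cand(h, r, gamma2) != use_hint(h, r, gamma2) { return Some((r, h)); }
        }
    }
    None
}
```

Run `first_mismatch` with the platform-specific use_hint wrapped in a closure; a `Some((r, h))` pinpoints the coefficient and hint value on which it departs from the specification.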

Advisory available under CC0-1.0 license.