CVE-2026-24850

MEDIUM

Crates.io Ml-dsa < 0.1.0-rc.4 - Signature Verification Bypass

Title source: rule
STIX 2.1

Description

The ML-DSA crate is a Rust implementation of the Module-Lattice-Based Digital Signature Standard (ML-DSA). Starting in version 0.0.4 and prior to version 0.1.0-rc.4, the ML-DSA signature verification implementation in the RustCrypto `ml-dsa` crate incorrectly accepts signatures with repeated (duplicate) hint indices. According to the ML-DSA specification (FIPS 204 / RFC 9881), hint indices within each polynomial must be **strictly increasing**. The current implementation uses a non-strict monotonic check (`<=` instead of `<`), allowing duplicate indices. This is a regression bug. The original implementation was correct, but a commit in version 0.0.4 inadvertently changed the strict `<` comparison to `<=`, introducing the vulnerability. Version 0.1.0-rc.4 fixes the issue.

References (11)

Scores

CVSS v3 5.3
EPSS 0.0002
EPSS Percentile 3.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-347
Status published
Products (2)
crates.io/ml-dsa 0.0.4 - 0.1.0-rc.4crates.io
RustCrypto/signatures >= 0.0.4, < 0.1.0-rc.4
Published Jan 28, 2026
Tracked Since Feb 18, 2026