CVE-2026-1229

ADVISORY - github

Summary

The CombinedMult function in the CIRCL ecc/p384 package (secp384r1 curve) produces an incorrect value for specific inputs. The issue is fixed by using complete addition formulas. ECDH and ECDSA signing relying on this curve are not affected.

The bug was fixed in v1.6.3.

EPSS Score⁠: 0.00013 (0.020)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-682⁠

Incorrect Calculation

ADVISORY - github

CWE-682⁠

Incorrect Calculation

Impacted images

Advisories

NIST

CREATED

2 days ago

UPDATED

2 days ago

ADVISORY IDCVE-2026-1229⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-682⁠

CVSS SCORE

2.9low

GitHub

CREATED

8 hours ago

UPDATED

8 hours ago

ADVISORY IDGHSA-q9hv-hpm4-hj6x⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-682⁠

CVSS SCORE

2.9low

Ubuntu

CREATED

1 day ago

UPDATED

1 day ago

ADVISORY IDCVE-2026-1229⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium