Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
1.7
filippo.io/edwards25519 MultiScalarMult produces incorrect or undefined results
CVE-2026-26958
GHSA-fw7p-63qq-7hpr
Summary
The filippo.io/edwards25519 library has a bug in its MultiScalarMult function. If you use this function with a point that's not the default or zero value, it might produce incorrect results. This is a rare issue, but if you're using filippo.io/edwards25519 via the github.com/go-sql-driver/mysql package, you're not affected. If you're unsure, consider using a more precise vulnerability scanner like govulncheck.
What to do
- Update filippo.io edwards25519 to version 1.1.1.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| filippo.io | edwards25519 | <= 1.1.1 | 1.1.1 |
Original title
filippo.io/edwards25519 MultiScalarMult produces invalid results or undefined behavior if receiver is not the identity
Original description
`(*Point).MultiScalarMult` failed to initialize its receiver.
If the method was called on an initialized point that is not the identity point, MultiScalarMult produced an incorrect result.
If the method was called on an uninitialized point, the behavior was undefined. In particular, if the receiver was the zero value, MultiScalarMult returned an invalid point that compared Equal to every point.
*Note that MultiScalarMult is a rarely used advanced API. For example, if you only depend on `filippo.io/edwards25519` via `github.com/go-sql-driver/mysql`, **you are not affected**. If you were notified of this issue despite not being affected, consider switching to a vulnerability scanner that is more precise and respectful of your attention, like [govulncheck](https://go.dev/doc/tutorial/govulncheck).*
If the method was called on an initialized point that is not the identity point, MultiScalarMult produced an incorrect result.
If the method was called on an uninitialized point, the behavior was undefined. In particular, if the receiver was the zero value, MultiScalarMult returned an invalid point that compared Equal to every point.
*Note that MultiScalarMult is a rarely used advanced API. For example, if you only depend on `filippo.io/edwards25519` via `github.com/go-sql-driver/mysql`, **you are not affected**. If you were notified of this issue despite not being affected, consider switching to a vulnerability scanner that is more precise and respectful of your attention, like [govulncheck](https://go.dev/doc/tutorial/govulncheck).*
nvd CVSS4.0
1.7
Vulnerability type
CWE-665
- https://nvd.nist.gov/vuln/detail/CVE-2026-26958
- https://github.com/advisories/GHSA-fw7p-63qq-7hpr
- https://github.com/FiloSottile/edwards25519/commit/d1c650afb95fad0742b98d95f2eb2...
- https://github.com/FiloSottile/edwards25519/releases/tag/v1.1.1
- https://github.com/FiloSottile/edwards25519/security/advisories/GHSA-fw7p-63qq-7...
Published: 18 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026