CVE 8.9 HIGH

Plonky3 MultiField32Challenger: transcript malleability and challenge entropy loss_CVE-2026-46654

June 10, 2026 invoker category_cve

8.9 / 10

HIGH

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N

Description

Plonky3 is a toolkit for polynomial IOPs (PIOPs). Prior to versions 0.4.3 and 0.5.3, an attacker controlling prover-side observations can craft distinct transcripts that produce identical challenges, breaking the binding property of Fiat-Shamir. This issue has been patched in versions 0.4.3 and 0.5.3.

AI Analysis

Transcript malleability and challenge entropy loss vulnerability in Plonky3 prior to versions 0.4.3 and 0.5.3

Basic Information

ID CVE-2026-46654

Source GitHub_M

Published Jun 10, 2026 at 20:06

Affected Product

Vendor Plonky3

Product Plonky3

Version < 0.4.3

Affected Versions Plonky3 Plonky3 < 0.4.3
Plonky3 Plonky3 >= 0.5.0, < 0.5.3

CWE Classification

CWE-1240 CWE-345

AI Assessment

AI Score 8.9 / 10

AI Severity High

Vendor Plonky3

Product Plonky3

Version < 0.4.3, >= 0.5.0 and < 0.5.3

References

github.com /Plonky3/Plonky3/security/advisories/GHSA-vj64-rjf3-w3v7

{
    "lastseen": "",
    "description": "Plonky3 is a toolkit for polynomial IOPs (PIOPs). Prior to versions 0.4.3 and 0.5.3, an attacker controlling prover-side observations can craft distinct transcripts that produce identical challenges, breaking the binding property of Fiat-Shamir. This issue has been patched in versions 0.4.3 and 0.5.3.",
    "published": "2026-06-10T20:06:10.554Z",
    "modified": "2026-06-10T20:06:10.554Z",
    "type": "cve",
    "title": "Plonky3 MultiField32Challenger: transcript malleability and challenge entropy loss",
    "source": "GitHub_M",
    "references": "https://github.com/Plonky3/Plonky3/security/advisories/GHSA-vj64-rjf3-w3v7",
    "id": "CVE-2026-46654",
    "bulletinFamily": "",
    "cwe": [
        "CWE-1240",
        "CWE-345"
    ],
    "cvelist": null,
    "sourceData": "Plonky3 Plonky3 < 0.4.3\nPlonky3 Plonky3 >= 0.5.0, < 0.5.3",
    "sourceHref": "",
    "cvss": {
        "score": 8.9,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Plonky3",
    "version": "< 0.4.3",
    "vendor": "Plonky3",
    "ai_description": "Transcript malleability and challenge entropy loss vulnerability in Plonky3 prior to versions 0.4.3 and 0.5.3",
    "ai_severity": "High",
    "ai_vendor": "Plonky3",
    "ai_product": "Plonky3",
    "ai_version": "< 0.4.3, >= 0.5.0 and < 0.5.3",
    "ai_score": 8.9
}

💭 Join the Security Discussion ❌ Cancel Reply