PyQuorum is a cryptographic library for secret sharing and key management. Prior to 0.2.1, the mul_mod function implements multiplication via a binary expansion loop whose execution time depends on the Hamming weight of the second operand (the exponent). An attacker who can measure the time of secret‑sharing operations (e.g., via a remote service) could progressively recover the values of shares, ultimately leading to secret reconstruction. This vulnerability is fixed in 0.2.1.
{
"cna_assigner": "GitHub_M",
"cwe_ids": [
"CWE-208"
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/44xxx/CVE-2026-44368.json"
}