CVE-2026-46654

Source
https://cve.org/CVERecord?id=CVE-2026-46654
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-46654.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-46654
Aliases
Published
2026-06-10T20:06:10.554Z
Modified
2026-07-08T08:14:18.998358296Z
Severity
  • 8.9 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N CVSS Calculator
Summary
Plonky3 MultiField32Challenger: transcript malleability and challenge entropy loss
Details

Plonky3 is a toolkit for polynomial IOPs (PIOPs). Prior to versions 0.4.3 and 0.5.3, an attacker controlling prover-side observations can craft distinct transcripts that produce identical challenges, breaking the binding property of Fiat-Shamir. This issue has been patched in versions 0.4.3 and 0.5.3.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46654.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-1240",
        "CWE-345"
    ]
}
References

Affected packages

Git / github.com/plonky3/plonky3

Affected ranges

Type
GIT
Repo
https://github.com/plonky3/plonky3
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Introduced
Fixed
Database specific
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.4.3"
        },
        {
            "introduced": "0.5.0"
        },
        {
            "fixed": "0.5.3"
        }
    ],
    "source": "AFFECTED_FIELD"
}

Affected versions

p3-air-v0.*
p3-air-v0.4.2
p3-air-v0.5.0
p3-air-v0.5.1
p3-air-v0.5.2
p3-baby-bear-v0.*
p3-baby-bear-v0.4.2
p3-baby-bear-v0.5.0
p3-baby-bear-v0.5.1
p3-baby-bear-v0.5.2
p3-batch-stark-v0.*
p3-batch-stark-v0.4.2
p3-batch-stark-v0.5.0
p3-batch-stark-v0.5.1
p3-batch-stark-v0.5.2
p3-blake3-air-v0.*
p3-blake3-air-v0.4.2
p3-blake3-air-v0.5.0
p3-blake3-air-v0.5.1
p3-blake3-air-v0.5.2
p3-blake3-v0.*
p3-blake3-v0.4.2
p3-blake3-v0.5.0
p3-blake3-v0.5.1
p3-blake3-v0.5.2
p3-bn254-v0.*
p3-bn254-v0.4.2
p3-bn254-v0.5.0
p3-bn254-v0.5.1
p3-bn254-v0.5.2
p3-challenger-v0.*
p3-challenger-v0.4.2
p3-challenger-v0.5.0
p3-challenger-v0.5.1
p3-challenger-v0.5.2
p3-circle-v0.*
p3-circle-v0.4.2
p3-circle-v0.5.0
p3-circle-v0.5.1
p3-circle-v0.5.2
p3-commit-v0.*
p3-commit-v0.4.2
p3-commit-v0.5.0
p3-commit-v0.5.1
p3-commit-v0.5.2
p3-dft-v0.*
p3-dft-v0.4.2
p3-dft-v0.5.0
p3-dft-v0.5.1
p3-dft-v0.5.2
p3-field-testing-v0.*
p3-field-testing-v0.4.2
p3-field-testing-v0.5.0
p3-field-testing-v0.5.1
p3-field-testing-v0.5.2
p3-field-v0.*
p3-field-v0.4.2
p3-field-v0.5.0
p3-field-v0.5.1
p3-field-v0.5.2
p3-fri-v0.*
p3-fri-v0.4.2
p3-fri-v0.5.0
p3-fri-v0.5.1
p3-fri-v0.5.2
p3-goldilocks-v0.*
p3-goldilocks-v0.4.2
p3-goldilocks-v0.5.0
p3-goldilocks-v0.5.1
p3-goldilocks-v0.5.2
p3-interpolation-v0.*
p3-interpolation-v0.4.2
p3-interpolation-v0.5.0
p3-interpolation-v0.5.1
p3-interpolation-v0.5.2
p3-keccak-air-v0.*
p3-keccak-air-v0.4.2
p3-keccak-air-v0.5.0
p3-keccak-air-v0.5.1
p3-keccak-air-v0.5.2
p3-keccak-v0.*
p3-keccak-v0.4.2
p3-keccak-v0.5.0
p3-keccak-v0.5.1
p3-keccak-v0.5.2
p3-koala-bear-v0.*
p3-koala-bear-v0.4.2
p3-koala-bear-v0.5.0
p3-koala-bear-v0.5.1
p3-koala-bear-v0.5.2
p3-lookup-v0.*
p3-lookup-v0.4.2
p3-lookup-v0.5.0
p3-lookup-v0.5.1
p3-lookup-v0.5.2
p3-matrix-v0.*
p3-matrix-v0.4.2
p3-matrix-v0.5.0
p3-matrix-v0.5.1
p3-matrix-v0.5.2
p3-maybe-rayon-v0.*
p3-maybe-rayon-v0.4.0
p3-maybe-rayon-v0.4.1
p3-maybe-rayon-v0.4.2
p3-maybe-rayon-v0.5.0
p3-maybe-rayon-v0.5.1
p3-maybe-rayon-v0.5.2
p3-mds-v0.*
p3-mds-v0.4.2
p3-mds-v0.5.0
p3-mds-v0.5.1
p3-mds-v0.5.2
p3-merkle-tree-v0.*
p3-merkle-tree-v0.4.2
p3-merkle-tree-v0.5.0
p3-merkle-tree-v0.5.1
p3-merkle-tree-v0.5.2
p3-mersenne-31-v0.*
p3-mersenne-31-v0.4.2
p3-mersenne-31-v0.5.0
p3-mersenne-31-v0.5.1
p3-mersenne-31-v0.5.2
p3-monolith-v0.*
p3-monolith-v0.4.2
p3-monolith-v0.5.0
p3-monolith-v0.5.1
p3-monolith-v0.5.2
p3-monty-31-v0.*
p3-monty-31-v0.4.2
p3-monty-31-v0.5.0
p3-monty-31-v0.5.1
p3-monty-31-v0.5.2
p3-multilinear-util-v0.*
p3-multilinear-util-v0.4.2
p3-multilinear-util-v0.5.0
p3-multilinear-util-v0.5.1
p3-multilinear-util-v0.5.2
p3-poseidon-v0.*
p3-poseidon-v0.4.2
p3-poseidon1-air-v0.*
p3-poseidon1-air-v0.5.0
p3-poseidon1-air-v0.5.2
p3-poseidon1-v0.*
p3-poseidon1-v0.5.0
p3-poseidon1-v0.5.2
p3-poseidon2-air-v0.*
p3-poseidon2-air-v0.4.2
p3-poseidon2-air-v0.5.0
p3-poseidon2-air-v0.5.1
p3-poseidon2-air-v0.5.2
p3-poseidon2-v0.*
p3-poseidon2-v0.4.2
p3-poseidon2-v0.5.0
p3-poseidon2-v0.5.1
p3-poseidon2-v0.5.2
p3-rescue-v0.*
p3-rescue-v0.4.2
p3-rescue-v0.5.0
p3-rescue-v0.5.1
p3-rescue-v0.5.2
p3-sha256-v0.*
p3-sha256-v0.4.2
p3-sha256-v0.5.0
p3-sha256-v0.5.1
p3-sha256-v0.5.2
p3-symmetric-v0.*
p3-symmetric-v0.4.2
p3-symmetric-v0.5.0
p3-symmetric-v0.5.1
p3-symmetric-v0.5.2
p3-uni-stark-v0.*
p3-uni-stark-v0.4.2
p3-uni-stark-v0.5.0
p3-uni-stark-v0.5.1
p3-uni-stark-v0.5.2
p3-util-v0.*
p3-util-v0.4.0
p3-util-v0.4.1
p3-util-v0.4.2
p3-util-v0.5.0
p3-util-v0.5.1
p3-util-v0.5.2
v0.*
v0.2.0
v0.4.0
v0.4.1
v0.4.2
v0.5.0
v0.5.1
v0.5.2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-46654.json"