CVE-2026-44368
Description
PyQuorum is a cryptographic library for secret sharing and key management. Prior to 0.2.1, the mul_mod function implements multiplication via a binary expansion loop whose execution time depends on the Hamming weight of the second operand (the exponent). An attacker who can measure the time of secret‑sharing operations (e.g., via a remote service) could progressively recover the values of shares, ultimately leading to secret reconstruction. This vulnerability is fixed in 0.2.1.
EPSS — Exploit Prediction
EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.
Weakness Type (CWE)
References
Frequently Asked Questions
What is CVE-2026-44368? +
How do I check if I'm vulnerable to CVE-2026-44368? +
Related Vulnerabilities
SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned …
Padding oracle attack vulnerability in Oberon microsystem AG’s ocrypto library in all versions since 3.1.0 and prior to 3.9.2 allows …
Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepencies in …
Post-Quantum Secure Feldman's Verifiable Secret Sharing provides a Python implementation of Feldman's Verifiable Secret Sharing (VSS) scheme. In versions 0.8.0b2 …
Quiet is an alternative to team chat apps like Slack, Discord, and Element that does not require trusting a central …
Padding oracle attack vulnerability in Oberon microsystem AG’s Oberon PSA Crypto library in all versions since 1.0.0 and prior to …