CVE Catalog

CVE-2026-46654

HighCVSS 8.9
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.01%

2th percentile - higher than 2% of all known CVEs

Summary

Plonky3 is a toolkit for polynomial IOPs (PIOPs). Prior to versions 0.4.3 and 0.5.3, an attacker controlling prover-side observations could craft distinct transcripts that produce identical challenges, breaking the binding property of Fiat-Shamir.

Risk Assessment

Organizations using the vulnerable versions may be exposed to attacks that could lead to fraud in processes requiring challenge integrity.

Recommendation

It is recommended to upgrade to versions 0.4.3 or 0.5.3 to mitigate this vulnerability.

Original NVD description (English source)

Plonky3 is a toolkit for polynomial IOPs (PIOPs). Prior to versions 0.4.3 and 0.5.3, an attacker controlling prover-side observations can craft distinct transcripts that produce identical challenges, breaking the binding property of Fiat-Shamir. This issue has been patched in versions 0.4.3 and 0.5.3.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS