CVE-2026-46669
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk20th percentile - higher than 20% of all known CVEs
Summary
In the openvm-pairing library prior to version 1.6.0, the try_honest_pairing_check function does not verify that the scaling factor s is in a proper subfield of Fp12, leading to incorrect pairing check results.
Risk Assessment
Incorrect pairing check results may lead to improper functioning of applications using the OpenVM framework, potentially impacting data security.
Recommendation
It is recommended to upgrade to version 1.6.0 or later to mitigate this vulnerability.
Original NVD description (English source)
OpenVM is a performant and modular zkVM framework built for customization and extensibility. Prior to version 1.6.0, the openvm-pairing guest library's try_honest_pairing_check function invokes Theorem 3 of https://eprint.iacr.org/2024/640.pdf but does not check that the scaling factor s is in a proper subfield of Fp12. This allows incorrect results to the pairing check. This issue has been patched in version 1.6.0.

