CVE-2026-22705 identifies a timing side-channel vulnerability in the RustCrypto signatures library, specifically in versions prior to 0.1.0-rc.2. RustCrypto signatures provide digital signature functionality using public-key cryptography, which is essential for authentication and data integrity. The vulnerability resides in the Decompose algorithm used during the ML-DSA (Multi-Level Digital Signature Algorithm) signing process to generate hints necessary for signature creation. Due to the timing side-channel, an attacker can potentially measure the time taken by the algorithm to infer secret cryptographic material, such as private keys or intermediate values, thereby compromising the confidentiality and integrity of the signatures. The attack vector requires network access (Attack Vector: Adjacent), low privileges, and no user interaction, but has high attack complexity, meaning exploitation is non-trivial and likely requires specialized knowledge and conditions. The vulnerability does not affect availability. This issue was discovered and patched in version 0.1.0-rc.2 of the RustCrypto signatures library. No known exploits are currently reported in the wild. The CVSS v3.1 base score is 6.4, reflecting medium severity. The vulnerability is classified under CWE-1240, which concerns the use of cryptographic primitives with risky implementations, often leading to side-channel leaks. Organizations relying on RustCrypto for cryptographic signatures should update to the patched version to prevent potential leakage of sensitive cryptographic keys and maintain the security of their authentication mechanisms.

For European organizations, this vulnerability poses a risk to the confidentiality and integrity of digitally signed data, which can affect secure communications, software supply chains, and authentication systems relying on RustCrypto signatures. If exploited, attackers could recover private keys or forge signatures, leading to unauthorized access, data tampering, or impersonation attacks. Critical sectors such as finance, government, telecommunications, and critical infrastructure that use Rust-based cryptographic libraries are at heightened risk. The medium severity and high attack complexity reduce the likelihood of widespread exploitation but do not eliminate the threat, especially from advanced persistent threat (APT) actors or targeted attacks. The absence of known exploits in the wild currently limits immediate impact, but delayed patching could expose organizations to future risks. The vulnerability does not affect system availability, so denial-of-service is not a concern here. Overall, the impact is significant for confidentiality and integrity, particularly where RustCrypto signatures are integral to security controls.

European organizations should take the following specific mitigation steps: 1) Conduct an inventory of all software and systems using RustCrypto signatures, particularly versions prior to 0.1.0-rc.2. 2) Immediately update all affected RustCrypto signature libraries to version 0.1.0-rc.2 or later to apply the patch. 3) Review cryptographic key management policies to ensure keys potentially exposed by this vulnerability are rotated or replaced. 4) Implement network segmentation and strict access controls to limit exposure of systems performing cryptographic signing. 5) Monitor cryptographic operations for anomalies that could indicate side-channel exploitation attempts. 6) Educate development teams about secure cryptographic implementations and the risks of side-channel attacks. 7) For critical systems, consider additional cryptographic hardening techniques such as constant-time implementations and side-channel resistant algorithms. 8) Engage with RustCrypto maintainers and security communities for updates and best practices. These steps go beyond generic patching by emphasizing key rotation, monitoring, and secure development practices tailored to side-channel risks.