CVE-2026-26958: CWE-665: Improper Initialization in FiloSottile filippo.io/edwards25519
filippo.io/edwards25519 is a Go library implementing the edwards25519 elliptic curve with APIs for building cryptographic primitives. In versions 1.1.0 and earlier, MultiScalarMult produces invalid results or undefined behavior if the receiver is not the identity point. If (*Point).MultiScalarMult is called on an initialized point that is not the identity point, it returns an incorrect result. If the method is called on an uninitialized point, the behavior is undefined. In particular, if the receiver is the zero value, MultiScalarMult returns an invalid point that compares Equal to every other point. Note that MultiScalarMult is a rarely used, advanced API. For example, users who depend on filippo.io/edwards25519 only through github.com/go-sql-driver/mysql are not affected. This issue has been fixed in version 1.1.1.
AI Analysis
Technical Summary
The vulnerability CVE-2026-26958 affects the Go library filippo.io/edwards25519, which implements the edwards25519 elliptic curve for cryptographic primitives. In versions 1.1.0 and earlier, the MultiScalarMult method on the Point type exhibits improper initialization behavior (CWE-665). When MultiScalarMult is called on a Point receiver that is not the identity point or is uninitialized (such as the zero value), it returns invalid or undefined results. Notably, if the receiver is the zero value, MultiScalarMult returns a point that erroneously compares equal to every other point, violating expected cryptographic properties. This can cause incorrect cryptographic computations, potentially undermining the integrity of cryptographic protocols relying on this function. However, MultiScalarMult is an advanced and rarely used API, so typical users of the library or indirect users through common dependencies like github.com/go-sql-driver/mysql are not affected. The vulnerability does not require authentication or user interaction and is exploitable remotely, but the attack complexity is high due to the need to invoke the specific API incorrectly. The issue was addressed in version 1.1.1 by ensuring proper initialization and validation of the receiver point before performing MultiScalarMult operations. No known exploits have been reported in the wild, and the CVSS 4.0 base score is 1.7, reflecting low severity.
Potential Impact
The primary impact of this vulnerability is the potential for incorrect cryptographic computations when using the MultiScalarMult method on improperly initialized points. This can lead to subtle cryptographic failures, such as invalid signatures or key agreement errors, which may compromise the integrity of cryptographic protocols relying on this library. However, the vulnerability does not directly expose confidential data, allow privilege escalation, or cause denial of service. Given that MultiScalarMult is an advanced API rarely used in typical applications, the scope of affected systems is limited. Organizations that build custom cryptographic solutions using this library and invoke MultiScalarMult without proper initialization risk cryptographic failures that could undermine security guarantees. Indirect users or applications relying on higher-level abstractions are unlikely to be affected. Overall, the impact is low but non-negligible for specialized cryptographic implementations.
Mitigation Recommendations
To mitigate this vulnerability, organizations should upgrade filippo.io/edwards25519 to version 1.1.1 or later, where the issue is fixed by enforcing proper initialization of the receiver point in MultiScalarMult. Developers using this library should audit their code to ensure that MultiScalarMult is never called on uninitialized or zero-value Point instances. Implementing explicit checks or constructors that guarantee the receiver point is the identity point or properly initialized before invoking MultiScalarMult can prevent misuse. Additionally, cryptographic code reviews and testing should include validation of point initialization states to detect improper usage. For applications indirectly using this library through dependencies, verify whether those dependencies invoke MultiScalarMult; if not, the risk is minimal. Monitoring for updates and advisories from the library maintainers is recommended to stay informed about any further issues.
Affected Countries
United States, Germany, Japan, South Korea, United Kingdom, France, Canada, Australia, Netherlands, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-02-16T22:20:28.611Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 699799f2d7880ec89b3a60d2
Added to database: 2/19/2026, 11:17:06 PM
Last enriched: 2/28/2026, 2:47:27 PM
Last updated: 4/5/2026, 3:49:17 AM