CVE-2026-26958: CWE-665: Improper Initialization in FiloSottile filippo.io/edwards25519
CVE-2026-26958 is a low-severity vulnerability in the Go cryptographic library filippo.io/edwards25519, specifically affecting versions prior to 1.1.1. The flaw arises from improper initialization in the MultiScalarMult method of the Point type, which produces invalid or undefined results when called on points that are not the identity point or are uninitialized. This can lead to incorrect cryptographic computations, including a zero-value point that erroneously compares equal to all other points. The vulnerability is limited to a rarely used advanced API and does not affect common dependencies such as github.com/go-sql-driver/mysql. No known exploits exist in the wild, and the issue has been fixed in version 1.1.
AI Analysis
Technical Summary
The vulnerability CVE-2026-26958 affects the Go library filippo.io/edwards25519, which implements the edwards25519 elliptic curve for cryptographic primitives. In versions 1.1.0 and earlier, the MultiScalarMult method on the Point type does not properly handle initialization states. When MultiScalarMult is invoked on a Point that is initialized but not the identity point, it returns incorrect results. Worse, if called on an uninitialized Point (the zero value), it returns an invalid point that compares equal to every other point, violating fundamental cryptographic assumptions. This improper initialization (CWE-665) can lead to subtle cryptographic errors, potentially undermining the correctness of higher-level cryptographic protocols relying on this function. However, MultiScalarMult is an advanced, rarely used API, and typical users of the library or indirect users through common dependencies are not affected. The issue was publicly disclosed on February 19, 2026, and fixed in version 1.1.1. The vulnerability does not require authentication or user interaction but has a high attack complexity and limited impact, reflected in a CVSS 4.0 base score of 1.7.
Potential Impact
The impact of this vulnerability is primarily on the integrity of cryptographic operations that rely on the MultiScalarMult function of the filippo.io/edwards25519 library. Incorrect or undefined results can lead to cryptographic failures or incorrect computations, potentially causing higher-level protocols to malfunction or produce invalid outputs. However, since MultiScalarMult is a rarely used advanced API and the vulnerability does not affect common dependencies, the scope of impact is limited. There is no direct impact on confidentiality or availability. No known exploits exist, and the complexity of triggering the flaw is high, reducing the likelihood of widespread exploitation. Organizations using this library in custom cryptographic implementations that utilize MultiScalarMult are at risk of subtle cryptographic errors, which could undermine security guarantees if not patched.
Mitigation Recommendations
Organizations should upgrade filippo.io/edwards25519 to version 1.1.1 or later, where the vulnerability is fixed. Developers using the MultiScalarMult API should audit their code to ensure that Point objects are properly initialized before use, avoiding zero-value or non-identity points as receivers. It is advisable to add explicit checks or assertions to verify the state of Point instances prior to calling MultiScalarMult. For users who do not directly use this API or rely on common dependencies like github.com/go-sql-driver/mysql, no immediate action is required. Security teams should monitor for updates from the vendor and incorporate the patched library version into their software supply chain. Additionally, cryptographic code reviews and testing should be enhanced to detect improper initialization issues in cryptographic primitives.
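One way to carry out the call-site audit recommended above, as an added example that is not code from this advisory or from the filippo.io/edwards25519 project: a standard-library Go scanner that lists each MultiScalarMult call and classifies its receiver from syntax alone. The `sample` source, the `Audit` and `classify` names and the three labels are assumptions of this example; `NewIdentityPoint` is the library's identity-point constructor.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
)

// sample is constructed input for this demonstration, not code from a real project.
const sample = `package demo
import "filippo.io/edwards25519"
func f(s []*edwards25519.Scalar, p []*edwards25519.Point, acc *edwards25519.Point) {
	edwards25519.NewIdentityPoint().MultiScalarMult(s, p)
	new(edwards25519.Point).MultiScalarMult(s, p)
	acc.MultiScalarMult(s, p)
}`

// classify labels a receiver expression by syntax only (a heuristic, not data flow).
func classify(recv ast.Expr) string {
	if call, ok := recv.(*ast.CallExpr); ok {
		if sel, ok := call.Fun.(*ast.SelectorExpr); ok && sel.Sel.Name == "NewIdentityPoint" {
			return "identity"
		}
		if id, ok := call.Fun.(*ast.Ident); ok && id.Name == "new" {
			return "zero-value"
		}
	}
	return "unknown" // variable, field or other call: state depends on earlier code
}

// Audit returns "line:label" for every x.MultiScalarMult(...) call found in src.
func Audit(src string) (out []string, err error) {
	fset := token.NewFileSet()
	file, err := parser.ParseFile(fset, "sample.go", src, 0)
	if err != nil {
		return nil, err
	}
	ast.Inspect(file, func(n ast.Node) bool {
		if call, ok := n.(*ast.CallExpr); ok {
			if sel, ok := call.Fun.(*ast.SelectorExpr); ok && sel.Sel.Name == "MultiScalarMult" {
				out = append(out, fmt.Sprintf("%d:%s", fset.Position(call.Pos()).Line, classify(sel.X)))
			}
		}
		return true
	})
	return out, nil
}

func main() { fmt.Println(Audit(sample)) }
```

On versions before 1.1.1, only call sites labelled "identity" match the receiver state the analysis above treats as safe; "zero-value" and "unknown" sites need manual review or the upgrade.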
Affected Countries
United States, Germany, Japan, United Kingdom, France, Canada, Australia, Netherlands, South Korea, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-02-16T22:20:28.611Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 699799f2d7880ec89b3a60d2
Added to database: 2/19/2026, 11:17:06 PM
Last enriched: 2/19/2026, 11:31:22 PM
Last updated: 2/20/2026, 12:27:35 AM