CVE-2026-32129: CWE-328: Use of Weak Hash in stellar rs-soroban-poseidon
soroban-poseidon provides Poseidon and Poseidon2 cryptographic hash functions for Soroban smart contracts. Poseidon V1 (PoseidonSponge) accepts variable-length inputs without injective padding. When a caller provides fewer inputs than the sponge rate (inputs.len() < T - 1), unused rate positions are implicitly zero-filled. This allows trivial hash collisions: for any input vector [m1, ..., mk] hashed with a sponge of rate > k, hash([m1, ..., mk]) equals hash([m1, ..., mk, 0]) because both produce identical pre-permutation states. This affects any use of PoseidonSponge or poseidon_hash where the number of inputs is less than T - 1 (e.g., hashing 1 input with T=3). Poseidon2 (Poseidon2Sponge) is not affected.
AI Analysis
Technical Summary
The vulnerability CVE-2026-32129 affects the Poseidon V1 (PoseidonSponge) cryptographic hash function implementation in the stellar rs-soroban-poseidon library, which is used for hashing in Soroban smart contracts. PoseidonSponge processes inputs using a sponge construction with a defined rate parameter T. When the input vector length is less than T - 1, the implementation implicitly zero-fills the remaining rate positions without applying any injective padding scheme. This design flaw causes different input vectors to produce identical pre-permutation states, resulting in trivial hash collisions. For example, hashing [m1, ..., mk] yields the same hash as [m1, ..., mk, 0] if k < T - 1. Such collisions violate the collision resistance property critical to cryptographic hash functions, potentially allowing attackers to substitute or manipulate inputs without detection. The Poseidon2 variant (Poseidon2Sponge) is not vulnerable, indicating that the issue is specific to the Poseidon V1 sponge construction. The vulnerability affects all versions of rs-soroban-poseidon prior to 25.0.1. The CVSS 4.0 score of 8.7 reflects the vulnerability's network exploitability, lack of required privileges or user interaction, and high impact on integrity. No known exploits have been reported in the wild yet, but the flaw poses a significant risk to the security of smart contracts relying on this hash function for integrity guarantees.
Potential Impact
This vulnerability undermines the collision resistance of the Poseidon V1 hash function in Soroban smart contracts, potentially allowing attackers to create different inputs that hash to the same value. This can lead to integrity violations in smart contract logic, such as bypassing validation checks, forging signatures, or manipulating contract state transitions. Since Soroban is a smart contract platform on the Stellar blockchain, the impact extends to decentralized applications (dApps) and financial transactions relying on these contracts. Exploitation could result in financial loss, unauthorized asset transfers, or disruption of contract operations. The vulnerability is exploitable remotely without authentication or user interaction, increasing its risk. Organizations using affected versions of rs-soroban-poseidon may face reputational damage, regulatory scrutiny, and operational disruptions if the flaw is exploited. The absence of known exploits currently provides a window for remediation, but the high severity score indicates urgent attention is needed to prevent future attacks.
Mitigation Recommendations
Organizations should immediately upgrade rs-soroban-poseidon to version 25.0.1 or later, where this vulnerability is addressed. If upgrading is not immediately feasible, developers should avoid using Poseidon V1 (PoseidonSponge) for hashing inputs with lengths less than the sponge rate minus one, or implement explicit injective padding to prevent zero-filling collisions. Reviewing and auditing smart contracts that rely on PoseidonSponge hashing is critical to identify potential misuse or vulnerable code paths. Employing Poseidon2 (Poseidon2Sponge), which is not affected, is recommended as a safer alternative. Additionally, integrating fuzz testing and formal verification for smart contract hashing logic can help detect similar weaknesses. Monitoring blockchain activity for anomalous transactions or hash collisions may provide early warning signs of exploitation attempts. Finally, educating developers about the importance of cryptographic padding and collision resistance in hash functions will reduce the risk of similar vulnerabilities in the future.
Affected Countries
United States, Germany, Japan, South Korea, Singapore, United Kingdom, Canada, Switzerland, Australia, Netherlands
CVE-2026-32129: CWE-328: Use of Weak Hash in stellar rs-soroban-poseidon
Description
soroban-poseidon provides Poseidon and Poseidon2 cryptographic hash functions for Soroban smart contracts. Poseidon V1 (PoseidonSponge) accepts variable-length inputs without injective padding. When a caller provides fewer inputs than the sponge rate (inputs.len() < T - 1), unused rate positions are implicitly zero-filled. This allows trivial hash collisions: for any input vector [m1, ..., mk] hashed with a sponge of rate > k, hash([m1, ..., mk]) equals hash([m1, ..., mk, 0]) because both produce identical pre-permutation states. This affects any use of PoseidonSponge or poseidon_hash where the number of inputs is less than T - 1 (e.g., hashing 1 input with T=3). Poseidon2 (Poseidon2Sponge) is not affected.
AI-Powered Analysis
Technical Analysis
The vulnerability CVE-2026-32129 affects the Poseidon V1 (PoseidonSponge) cryptographic hash function implementation in the stellar rs-soroban-poseidon library, which is used for hashing in Soroban smart contracts. PoseidonSponge processes inputs using a sponge construction with a defined rate parameter T. When the input vector length is less than T - 1, the implementation implicitly zero-fills the remaining rate positions without applying any injective padding scheme. This design flaw causes different input vectors to produce identical pre-permutation states, resulting in trivial hash collisions. For example, hashing [m1, ..., mk] yields the same hash as [m1, ..., mk, 0] if k < T - 1. Such collisions violate the collision resistance property critical to cryptographic hash functions, potentially allowing attackers to substitute or manipulate inputs without detection. The Poseidon2 variant (Poseidon2Sponge) is not vulnerable, indicating that the issue is specific to the Poseidon V1 sponge construction. The vulnerability affects all versions of rs-soroban-poseidon prior to 25.0.1. The CVSS 4.0 score of 8.7 reflects the vulnerability's network exploitability, lack of required privileges or user interaction, and high impact on integrity. No known exploits have been reported in the wild yet, but the flaw poses a significant risk to the security of smart contracts relying on this hash function for integrity guarantees.
Potential Impact
This vulnerability undermines the collision resistance of the Poseidon V1 hash function in Soroban smart contracts, potentially allowing attackers to create different inputs that hash to the same value. This can lead to integrity violations in smart contract logic, such as bypassing validation checks, forging signatures, or manipulating contract state transitions. Since Soroban is a smart contract platform on the Stellar blockchain, the impact extends to decentralized applications (dApps) and financial transactions relying on these contracts. Exploitation could result in financial loss, unauthorized asset transfers, or disruption of contract operations. The vulnerability is exploitable remotely without authentication or user interaction, increasing its risk. Organizations using affected versions of rs-soroban-poseidon may face reputational damage, regulatory scrutiny, and operational disruptions if the flaw is exploited. The absence of known exploits currently provides a window for remediation, but the high severity score indicates urgent attention is needed to prevent future attacks.
Mitigation Recommendations
Organizations should immediately upgrade rs-soroban-poseidon to version 25.0.1 or later, where this vulnerability is addressed. If upgrading is not immediately feasible, developers should avoid using Poseidon V1 (PoseidonSponge) for hashing inputs with lengths less than the sponge rate minus one, or implement explicit injective padding to prevent zero-filling collisions. Reviewing and auditing smart contracts that rely on PoseidonSponge hashing is critical to identify potential misuse or vulnerable code paths. Employing Poseidon2 (Poseidon2Sponge), which is not affected, is recommended as a safer alternative. Additionally, integrating fuzz testing and formal verification for smart contract hashing logic can help detect similar weaknesses. Monitoring blockchain activity for anomalous transactions or hash collisions may provide early warning signs of exploitation attempts. Finally, educating developers about the importance of cryptographic padding and collision resistance in hash functions will reduce the risk of similar vulnerabilities in the future.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-03-10T22:19:36.545Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 69b2ff142f860ef943d3c349
Added to database: 3/12/2026, 5:59:48 PM
Last enriched: 3/12/2026, 6:14:24 PM
Last updated: 3/12/2026, 7:05:22 PM
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console in Console -> Billing for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.