{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32129", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-10T22:19:36.545Z", "datePublished": "2026-03-12T17:47:10.717Z", "dateUpdated": "2026-03-13T16:23:54.655Z"}, "containers": {"cna": {"title": "Poseidon V1 variable-length input collision via implicit zero-padding", "problemTypes": [{"descriptions": [{"cweId": "CWE-328", "lang": "en", "description": "CWE-328: Use of Weak Hash", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 8.7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N", "version": "4.0"}}], "references": [{"name": "https://github.com/stellar/rs-soroban-poseidon/security/advisories/GHSA-g2p6-hh5v-7hfm", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/stellar/rs-soroban-poseidon/security/advisories/GHSA-g2p6-hh5v-7hfm"}, {"name": "https://github.com/stellar/rs-soroban-poseidon/pull/10", "tags": ["x_refsource_MISC"], "url": "https://github.com/stellar/rs-soroban-poseidon/pull/10"}, {"name": "https://github.com/stellar/rs-soroban-poseidon/releases/tag/v25.0.1", "tags": ["x_refsource_MISC"], "url": "https://github.com/stellar/rs-soroban-poseidon/releases/tag/v25.0.1"}], "affected": [{"vendor": "stellar", "product": "rs-soroban-poseidon", "versions": [{"version": "< 25.0.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-12T17:47:10.717Z"}, "descriptions": [{"lang": "en", "value": "soroban-poseidon provides Poseidon and Poseidon2 cryptographic hash functions for Soroban smart contracts. Poseidon V1 (PoseidonSponge) accepts variable-length inputs without injective padding. When a caller provides fewer inputs than the sponge rate (inputs.len() < T - 1), unused rate positions are implicitly zero-filled. This allows trivial hash collisions: for any input vector [m1, ..., mk] hashed with a sponge of rate > k, hash([m1, ..., mk]) equals hash([m1, ..., mk, 0]) because both produce identical pre-permutation states. This affects any use of PoseidonSponge or poseidon_hash where the number of inputs is less than T - 1 (e.g., hashing 1 input with T=3). Poseidon2 (Poseidon2Sponge) is not affected."}], "source": {"advisory": "GHSA-g2p6-hh5v-7hfm", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-13T16:23:48.432393Z", "id": "CVE-2026-32129", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-13T16:23:54.655Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-32129", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-13T16:23:48.432393Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-13T16:23:52.047Z"}}], "cna": {"title": "Poseidon V1 variable-length input collision via implicit zero-padding", "source": {"advisory": "GHSA-g2p6-hh5v-7hfm", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE"}}], "affected": [{"vendor": "stellar", "product": "rs-soroban-poseidon", "versions": [{"status": "affected", "version": "< 25.0.1"}]}], "references": [{"url": "https://github.com/stellar/rs-soroban-poseidon/security/advisories/GHSA-g2p6-hh5v-7hfm", "name": "https://github.com/stellar/rs-soroban-poseidon/security/advisories/GHSA-g2p6-hh5v-7hfm", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/stellar/rs-soroban-poseidon/pull/10", "name": "https://github.com/stellar/rs-soroban-poseidon/pull/10", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/stellar/rs-soroban-poseidon/releases/tag/v25.0.1", "name": "https://github.com/stellar/rs-soroban-poseidon/releases/tag/v25.0.1", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "soroban-poseidon provides Poseidon and Poseidon2 cryptographic hash functions for Soroban smart contracts. Poseidon V1 (PoseidonSponge) accepts variable-length inputs without injective padding. When a caller provides fewer inputs than the sponge rate (inputs.len() < T - 1), unused rate positions are implicitly zero-filled. This allows trivial hash collisions: for any input vector [m1, ..., mk] hashed with a sponge of rate > k, hash([m1, ..., mk]) equals hash([m1, ..., mk, 0]) because both produce identical pre-permutation states. This affects any use of PoseidonSponge or poseidon_hash where the number of inputs is less than T - 1 (e.g., hashing 1 input with T=3). Poseidon2 (Poseidon2Sponge) is not affected."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-328", "description": "CWE-328: Use of Weak Hash"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-12T17:47:10.717Z"}}}, "cveMetadata": {"cveId": "CVE-2026-32129", "state": "PUBLISHED", "dateUpdated": "2026-03-13T16:23:54.655Z", "dateReserved": "2026-03-10T22:19:36.545Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-12T17:47:10.717Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "soroban-poseidon provides Poseidon and Poseidon2 cryptographic hash functions for Soroban smart contracts. Poseidon V1 (PoseidonSponge) accepts variable-length inputs without injective padding. When a caller provides fewer inputs than the sponge rate (inputs.len() < T - 1), unused rate positions are implicitly zero-filled. This allows trivial hash collisions: for any input vector [m1, ..., mk] hashed with a sponge of rate > k, hash([m1, ..., mk]) equals hash([m1, ..., mk, 0]) because both produce identical pre-permutation states. This affects any use of PoseidonSponge or poseidon_hash where the number of inputs is less than T - 1 (e.g., hashing 1 input with T=3). Poseidon2 (Poseidon2Sponge) is not affected."}, {"lang": "es", "value": "soroban-poseidon proporciona funciones hash criptogr\u00e1ficas Poseidon y Poseidon2 para contratos inteligentes de Soroban. Poseidon V1 (PoseidonSponge) acepta entradas de longitud variable sin relleno inyectivo. Cuando un llamador proporciona menos entradas que la tasa de la esponja (inputs.len() &lt; T - 1), las posiciones de tasa no utilizadas se rellenan impl\u00edcitamente con ceros. Esto permite colisiones hash triviales: para cualquier vector de entrada [m1, ..., mk] hasheado con una esponja de tasa &gt; k, hash([m1, ..., mk]) es igual a hash([m1, ..., mk, 0]) porque ambos producen estados de pre-permutaci\u00f3n id\u00e9nticos. Esto afecta cualquier uso de PoseidonSponge o poseidon_hash donde el n\u00famero de entradas es menor que T - 1 (p. ej., hashear 1 entrada con T=3). Poseidon2 (Poseidon2Sponge) no se ve afectado."}], "id": "CVE-2026-32129", "lastModified": "2026-04-16T14:47:16.733", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-12T18:16:25.097", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/stellar/rs-soroban-poseidon/pull/10"}, {"source": "security-advisories@github.com", "url": "https://github.com/stellar/rs-soroban-poseidon/releases/tag/v25.0.1"}, {"source": "security-advisories@github.com", "url": "https://github.com/stellar/rs-soroban-poseidon/security/advisories/GHSA-g2p6-hh5v-7hfm"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-328"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,25.0.1)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "product": "rs-soroban-poseidon", "vendor": "stellar"}], "analysis": {"en": {"generated_at": "2026-03-18T15:33:40.827347+00:00", "value": {"mitigation_remediation": ["Upgrade the stellar:rs-soroban-poseidon library to version v25.0.1 or later, which removes the implicit zero-padding behavior.", "Ensure that all smart contracts using PoseidonSponge avoid supplying fewer inputs than the sponge rate or add explicit padding before hashing.", "As a temporary workaround, use the Poseidon2Sponge implementation (poseidon2_hash) for new contracts until the PoseidonV1 issue is fully resolved."], "summary": {"action": "Apply Patch", "impact": "Hash Collision"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the Stellar rs\u2011soroban\u2011poseidon library, specifically the PoseidonV1 (PoseidonSponge) implementation. Any smart contract or application that invokes poseidon_hash or PoseidonSponge with fewer inputs than the sponge rate (for example, hashing a single input when T equals 3) is vulnerable. The Poseidon2 (Poseidon2Sponge) implementation is not impacted. The issue was addressed in release v25.0.1, which removes the implicit zero\u2011padding behavior.", "description_and_impact": "PoseidonV1 (PoseidonSponge) is a cryptographic hash function used in Stellar Soroban smart contracts. The implementation accepts variable-length input vectors without explicit padding. When the number of supplied inputs is less than the sponge rate (inputs.len() < T\u20111), the remaining rate positions are implicitly zero\u2011filled. Because the pre\u2011permutation state is identical for [m1,\u2026,mk] and [m1,\u2026,mk,0] when k < T\u20111, the two input vectors hash to the same digest. This creates a trivial hash collision that undermines the integrity guarantees of any hash\u2011based check, allowing an attacker to generate distinct inputs that produce the same hash output. The weakness is classified as CWE\u2011328.", "risk_and_exploitability": "CVSS score 8.7 indicates a high severity vulnerability, and the EPSS score is less than 1\u2009%, implying a low probability of active exploitation at present. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is via a smart contract that controls the inputs to PoseidonSponge, such as a malicious transaction that calls the hash function with explicitly fewer inputs, thereby inducing a collision. While the flaw does not grant code execution, it can subvert integrity checks and potentially damage contract logic. Consequently, the risk is moderate to high, warranting prompt update of affected deployments."}}}}, "created": "2026-03-13T09:50:39.624387+00:00", "updated": "2026-03-20T15:48:41.724000+00:00", "vendors": ["stellar", "stellar$PRODUCT$rs-soroban-poseidon"]}