{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32614", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-12T14:54:24.271Z", "datePublished": "2026-03-13T20:14:05.750Z", "dateUpdated": "2026-03-16T20:12:09.389Z"}, "containers": {"cna": {"title": "Go ShangMi SM9 Infinity-Point Ciphertext Forgery Vulnerability", "problemTypes": [{"descriptions": [{"cweId": "CWE-347", "lang": "en", "description": "CWE-347: Improper Verification of Cryptographic Signature", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/emmansun/gmsm/security/advisories/GHSA-5xxp-2vrj-x855", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/emmansun/gmsm/security/advisories/GHSA-5xxp-2vrj-x855"}], "affected": [{"vendor": "emmansun", "product": "gmsm", "versions": [{"version": "< 0.41.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-13T20:14:05.750Z"}, "descriptions": [{"lang": "en", "value": "Go ShangMi (Commercial Cryptography) Library (GMSM) is a cryptographic library that covers the Chinese commercial cryptographic public algorithms SM2/SM3/SM4/SM9/ZUC. Prior to 0.41.1, the current SM9 decryption implementation contains an infinity-point ciphertext forgery vulnerability. The root cause is that, during decryption, the elliptic-curve point C1 in the ciphertext is only deserialized and checked to be on the curve, but the implementation does not explicitly reject the point at infinity. In the current implementation, an attacker can construct C1 as the point at infinity, causing the bilinear pairing result to degenerate into the identity element in the GT group. As a result, a critical part of the key derivation input becomes a predictable constant. An attacker who only knows the target user's UID can derive the decryption key material and then forge a ciphertext that passes the integrity check. This vulnerability is fixed in 0.41.1."}], "source": {"advisory": "GHSA-5xxp-2vrj-x855", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-16T20:11:20.035883Z", "id": "CVE-2026-32614", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-16T20:12:09.389Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-32614", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-16T20:11:20.035883Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-16T20:11:54.751Z"}}], "cna": {"title": "Go ShangMi SM9 Infinity-Point Ciphertext Forgery Vulnerability", "source": {"advisory": "GHSA-5xxp-2vrj-x855", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "emmansun", "product": "gmsm", "versions": [{"status": "affected", "version": "< 0.41.1"}]}], "references": [{"url": "https://github.com/emmansun/gmsm/security/advisories/GHSA-5xxp-2vrj-x855", "name": "https://github.com/emmansun/gmsm/security/advisories/GHSA-5xxp-2vrj-x855", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "Go ShangMi (Commercial Cryptography) Library (GMSM) is a cryptographic library that covers the Chinese commercial cryptographic public algorithms SM2/SM3/SM4/SM9/ZUC. Prior to 0.41.1, the current SM9 decryption implementation contains an infinity-point ciphertext forgery vulnerability. The root cause is that, during decryption, the elliptic-curve point C1 in the ciphertext is only deserialized and checked to be on the curve, but the implementation does not explicitly reject the point at infinity. In the current implementation, an attacker can construct C1 as the point at infinity, causing the bilinear pairing result to degenerate into the identity element in the GT group. As a result, a critical part of the key derivation input becomes a predictable constant. An attacker who only knows the target user's UID can derive the decryption key material and then forge a ciphertext that passes the integrity check. This vulnerability is fixed in 0.41.1."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-347", "description": "CWE-347: Improper Verification of Cryptographic Signature"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-13T20:14:05.750Z"}}}, "cveMetadata": {"cveId": "CVE-2026-32614", "state": "PUBLISHED", "dateUpdated": "2026-03-16T20:12:09.389Z", "dateReserved": "2026-03-12T14:54:24.271Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-13T20:14:05.750Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Go ShangMi (Commercial Cryptography) Library (GMSM) is a cryptographic library that covers the Chinese commercial cryptographic public algorithms SM2/SM3/SM4/SM9/ZUC. Prior to 0.41.1, the current SM9 decryption implementation contains an infinity-point ciphertext forgery vulnerability. The root cause is that, during decryption, the elliptic-curve point C1 in the ciphertext is only deserialized and checked to be on the curve, but the implementation does not explicitly reject the point at infinity. In the current implementation, an attacker can construct C1 as the point at infinity, causing the bilinear pairing result to degenerate into the identity element in the GT group. As a result, a critical part of the key derivation input becomes a predictable constant. An attacker who only knows the target user's UID can derive the decryption key material and then forge a ciphertext that passes the integrity check. This vulnerability is fixed in 0.41.1."}, {"lang": "es", "value": "La Biblioteca Go ShangMi (Criptograf\u00eda Comercial) (GMSM) es una biblioteca criptogr\u00e1fica que cubre los algoritmos criptogr\u00e1ficos p\u00fablicos comerciales chinos SM2/SM3/SM4/SM9/ZUC. Antes de la versi\u00f3n 0.41.1, la implementaci\u00f3n actual de descifrado de SM9 contiene una vulnerabilidad de falsificaci\u00f3n de texto cifrado de punto al infinito. La causa ra\u00edz es que, durante el descifrado, el punto de curva el\u00edptica C1 en el texto cifrado solo se deserializa y se verifica que est\u00e9 en la curva, pero la implementaci\u00f3n no rechaza expl\u00edcitamente el punto en el infinito. En la implementaci\u00f3n actual, un atacante puede construir C1 como el punto en el infinito, haciendo que el resultado del emparejamiento bilineal degenere en el elemento identidad en el grupo GT. Como resultado, una parte cr\u00edtica de la entrada de derivaci\u00f3n de clave se convierte en una constante predecible. Un atacante que solo conoce el UID del usuario objetivo puede derivar el material de la clave de descifrado y luego falsificar un texto cifrado que pase la verificaci\u00f3n de integridad. Esta vulnerabilidad se corrige en la versi\u00f3n 0.41.1."}], "id": "CVE-2026-32614", "lastModified": "2026-04-15T15:43:48.523", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-16T14:19:39.160", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/emmansun/gmsm/security/advisories/GHSA-5xxp-2vrj-x855"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-347"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,0.41.1)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "gmsm", "source": "cna", "vendor": "emmansun"}, "product": "gmsm", "vendor": "emmansun"}], "analysis": {"en": {"generated_at": "2026-03-16T23:08:50.313852+00:00", "value": {"mitigation_remediation": ["Upgrade the GMSM library to version 0.41.1 or later.", "Verify that the updated library is correctly integrated and remove any legacy code that may manipulate C1 points."], "summary": {"action": "Apply Patch", "impact": "Unauthorized decryption via forged ciphertext"}, "threat_synthesis": {"affected_systems": "Affected products are the Go ShangMi cryptographic library (GMSM) from vendor emmansun. All releases prior to version 0.41.1 are vulnerable; version 0.41.1 and newer contain the fix.", "description_and_impact": "The vulnerability in the GMSM SM9 implementation arises because the decryption routine accepts an elliptic\u2011curve point at infinity for the ciphertext component C1. This omission lets an attacker construct a ciphertext whose bilinear pairing result collapses to the identity element in the target group, causing a portion of the key derivation input to become a predictable constant. Using only the victim\u2019s UID, an attacker can therefore derive the decryption key and forge a ciphertext that passes the integrity check. This is a ciphertext forgery flaw (CWE\u2011347) that compromises data confidentiality, allowing an attacker to decrypt or produce valid messages for the victim.", "risk_and_exploitability": "The CVSS score of 7.5 indicates a high severity, while the EPSS score of less than 1% suggests that widespread exploitation is unlikely at present. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires the attacker to craft a malicious ciphertext, so it typically targets applications that consume SM9 encrypted data. If an attacker can supply the forged ciphertext to the victim\u2019s software or intercept and replace existing ciphertext, decryption will succeed with the derived key, exposing the confidential content."}}}}, "created": "2026-03-16T09:23:55.780952+00:00", "updated": "2026-03-23T13:39:58.565601+00:00", "vendors": ["emmansun", "emmansun$PRODUCT$gmsm"]}