{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-40323", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-04-10T21:41:54.505Z", "datePublished": "2026-04-17T22:58:42.580Z", "dateUpdated": "2026-04-20T16:16:41.143Z"}, "containers": {"cna": {"title": "SP1 V6 Recursion Circuit Row-Count Binding Gap", "problemTypes": [{"descriptions": [{"cweId": "CWE-345", "lang": "en", "description": "CWE-345: Insufficient Verification of Data Authenticity", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-354", "lang": "en", "description": "CWE-354: Improper Validation of Integrity Check Value", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "baseScore": 8.9, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N", "version": "4.0"}}], "references": [{"name": "https://github.com/succinctlabs/sp1/security/advisories/GHSA-63x8-x938-vx33", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/succinctlabs/sp1/security/advisories/GHSA-63x8-x938-vx33"}, {"name": "https://github.com/succinctlabs/sp1/releases/tag/v6.1.0", "tags": ["x_refsource_MISC"], "url": "https://github.com/succinctlabs/sp1/releases/tag/v6.1.0"}], "affected": [{"vendor": "succinctlabs", "product": "sp1", "versions": [{"version": ">= 6.0.0, < 6.1.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-17T22:58:42.580Z"}, "descriptions": [{"lang": "en", "value": "SP1 is a zero\u2011knowledge virtual machine that proves the correct execution of programs compiled for the RISC-V architecture. In versions 6.0.0 through 6.0.2, a soundness vulnerability in the SP1 V6 recursive shard verifier allows a malicious prover to construct a recursive proof from a shard proof that the native verifier would reject. Version 6.1.0 fixes the issue."}], "source": {"advisory": "GHSA-63x8-x938-vx33", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-20T16:16:33.342756Z", "id": "CVE-2026-40323", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-20T16:16:41.143Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-40323", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-20T16:16:33.342756Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-20T16:16:36.646Z"}}], "cna": {"title": "SP1 V6 Recursion Circuit Row-Count Binding Gap", "source": {"advisory": "GHSA-63x8-x938-vx33", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.9, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE"}}], "affected": [{"vendor": "succinctlabs", "product": "sp1", "versions": [{"status": "affected", "version": ">= 6.0.0, < 6.1.0"}]}], "references": [{"url": "https://github.com/succinctlabs/sp1/security/advisories/GHSA-63x8-x938-vx33", "name": "https://github.com/succinctlabs/sp1/security/advisories/GHSA-63x8-x938-vx33", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/succinctlabs/sp1/releases/tag/v6.1.0", "name": "https://github.com/succinctlabs/sp1/releases/tag/v6.1.0", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "SP1 is a zero\u2011knowledge virtual machine that proves the correct execution of programs compiled for the RISC-V architecture. In versions 6.0.0 through 6.0.2, a soundness vulnerability in the SP1 V6 recursive shard verifier allows a malicious prover to construct a recursive proof from a shard proof that the native verifier would reject. Version 6.1.0 fixes the issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-345", "description": "CWE-345: Insufficient Verification of Data Authenticity"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-354", "description": "CWE-354: Improper Validation of Integrity Check Value"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-17T22:58:42.580Z"}}}, "cveMetadata": {"cveId": "CVE-2026-40323", "state": "PUBLISHED", "dateUpdated": "2026-04-20T16:16:41.143Z", "dateReserved": "2026-04-10T21:41:54.505Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-17T22:58:42.580Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:succinct:sp1:*:*:*:*:*:*:*:*", "matchCriteriaId": "4366A75B-9EFD-4D9C-8235-13A4071EA17A", "versionEndExcluding": "6.1.0", "versionStartIncluding": "6.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "SP1 is a zero\u2011knowledge virtual machine that proves the correct execution of programs compiled for the RISC-V architecture. In versions 6.0.0 through 6.0.2, a soundness vulnerability in the SP1 V6 recursive shard verifier allows a malicious prover to construct a recursive proof from a shard proof that the native verifier would reject. Version 6.1.0 fixes the issue."}], "id": "CVE-2026-40323", "lastModified": "2026-05-13T13:44:29.037", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.9, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-18T00:16:36.767", "references": [{"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/succinctlabs/sp1/releases/tag/v6.1.0"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/succinctlabs/sp1/security/advisories/GHSA-63x8-x938-vx33"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-345"}, {"lang": "en", "value": "CWE-354"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[6.0.0,6.1.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "sp1", "source": "cna", "vendor": "succinctlabs"}, "product": "sp1", "vendor": "succinctlabs"}], "analysis": {"en": {"generated_at": "2026-04-18T08:50:50.570746+00:00", "value": {"mitigation_remediation": ["Upgrade to SP1 version 6.1.0 or later where the recursive shard verifier is corrected", "Limit the use of the recursive shard verifier to trusted, whitelisted issuers until a patch is applied", "Enable detailed audit logging of proof verification events and alert on anomalous acceptance patterns"], "summary": {"action": "Immediate Patch", "impact": "Logical Bypass via Soundness Violation"}, "threat_synthesis": {"affected_systems": "The affected product is the SP1 virtual machine from succinctlabs. Versions 6.0.0 through 6.0.2 contain the flaw, while version 6.1.0 contains the fix. No other vendors or products are listed as impacted.", "description_and_impact": "The flaw is a soundness vulnerability in the SP1 V6 recursive shard verifier that permits a malicious prover to construct a recursive proof from a shard proof that the native verifier would normally reject. Because the verifier accepts these forged proofs, an attacker can convince downstream systems that a desired state or computation has been correctly executed, leading to potential data integrity breach or unauthorized access to protected resources. The weakness is categorized as CWE-345 (Wrong Order of Operations) and CWE-354 (Missing Invariant in a Recursive Algorithm).", "risk_and_exploitability": "The CVSS score of 8.9 indicates a high severity; the EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is a malicious prover who can send crafted proofs to the SP1 verifier, which may occur in environments that accept third\u2011party proof submissions, such as zk\u2011based consensus systems or trusted execution contexts. Exploitation requires the ability to supply proof files to the verifier; once the forged proof is accepted, the attacker may compromise the integrity of the system relying on the verifier's output."}}}}, "created": "2026-04-18T09:00:05.893788+00:00", "updated": "2026-04-20T14:59:24.334593+00:00", "vendors": ["succinctlabs", "succinctlabs$PRODUCT$sp1"]}