Cyber Resilience

CVE-2026-22698

Severity: High · Public PoC

Published: 10 January 2026
Modified: 12 March 2026
KEV Added: not listed
Patch: available (commit e4f7778)
CVSS v4.0 score: 8.7 (vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS score: 0.0024 (15.5th percentile)
Risk priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-22698 is a high-severity Insufficient Entropy (CWE-331) vulnerability in Rustcrypto Sm2 Elliptic Curve. Its CVSS base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Reduce Key Space (T1600.001). The CVE is ranked at the 15.5th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-22698 is a critical vulnerability in the SM2 Public Key Encryption (PKE) implementation within the RustCrypto elliptic-curves crate, which provides general-purpose Elliptic Curve Cryptography (ECC) support including types and traits for elliptic curve forms, scalars, points, and keys. The issue affects versions 0.14.0-pre.0 and 0.14.0-rc.0, where a unit mismatch error in the ephemeral nonce k generation function causes it to request only 32 bits of randomness instead of the expected 256 bits. This severely reduces entropy, dropping encryption security from 128-bit to a trivial 16-bit level and enabling practical attacks to recover the nonce.
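The bit/byte confusion described above is easy to miss in review because both the buggy and the correct call compile and produce a nonce of the right length; only the number of random bytes actually requested differs. The following Rust snippet is an added illustration, not code from the RustCrypto elliptic-curves crate and not a reconstruction of the actual patched lines: it models one plausible form of the unit mismatch (dividing a byte count by 8 as if it were a bit count, so a 32-byte scalar buffer receives only 4 random bytes, i.e. 32 bits) next to the corrected sizing, and shows a counting test double that a unit test can use to verify a nonce routine really draws the full 256 bits. The `RandomSource` trait, `CountingSource` type and all function names are assumptions made for the illustration.

```rust
/// Width of an SM2 scalar: 256 bits, which is 32 bytes.
const SCALAR_BITS: usize = 256;
const SCALAR_BYTES: usize = SCALAR_BITS / 8;

/// Minimal random-source abstraction for the illustration (hypothetical; it
/// stands in for the RngCore-style trait a real implementation would take).
trait RandomSource {
    fn fill_bytes(&mut self, buf: &mut [u8]);
}

/// Test double that records how many bytes were requested. It fills the buffer
/// with a fixed, never-zero byte pattern; it is not a CSPRNG and exists only so
/// a test can observe the request size.
struct CountingSource {
    requested: usize,
}

impl RandomSource for CountingSource {
    fn fill_bytes(&mut self, buf: &mut [u8]) {
        self.requested += buf.len();
        for (i, b) in buf.iter_mut().enumerate() {
            *b = 0xA5 ^ (i as u8); // constructed pattern, nonzero for i < 32
        }
    }
}

/// Hypothetical buggy sizing: SCALAR_BYTES is already a byte count, but it is
/// divided by 8 again as though it were a bit count. Only 4 bytes (32 bits) of
/// randomness are requested; the remaining 28 bytes of the nonce stay zero.
fn nonce_bytes_buggy<R: RandomSource>(rng: &mut R) -> [u8; SCALAR_BYTES] {
    let mut k = [0u8; SCALAR_BYTES];
    let n = SCALAR_BYTES / 8; // unit mismatch: 32 / 8 = 4 bytes
    rng.fill_bytes(&mut k[..n]);
    k
}

/// Corrected sizing: the whole 32-byte scalar buffer is filled.
fn nonce_bytes_fixed<R: RandomSource>(rng: &mut R) -> [u8; SCALAR_BYTES] {
    let mut k = [0u8; SCALAR_BYTES];
    rng.fill_bytes(&mut k);
    k
}

/// Entropy actually drawn, in bits, given the bytes a routine requested.
fn requested_entropy_bits(bytes_requested: usize) -> usize {
    bytes_requested * 8
}

/// Count of trailing nonce bytes left at zero: a second, independent symptom
/// of an under-sized request that a test can check on the produced value.
fn trailing_zero_bytes(k: &[u8; SCALAR_BYTES]) -> usize {
    k.iter().rev().take_while(|&&b| b == 0).count()
}

/// CI-style check: run a nonce routine against the counting source and verify
/// that it requested the full scalar width from the random source.
fn nonce_requests_full_width<F>(make_nonce: F) -> bool
where
    F: Fn(&mut CountingSource) -> [u8; SCALAR_BYTES],
{
    let mut src = CountingSource { requested: 0 };
    let _ = make_nonce(&mut src);
    requested_entropy_bits(src.requested) == SCALAR_BITS
}

fn main() {
    let mut src = CountingSource { requested: 0 };
    let k = nonce_bytes_buggy(&mut src);
    println!(
        "buggy routine: requested {} bits, {} trailing zero bytes",
        requested_entropy_bits(src.requested),
        trailing_zero_bytes(&k)
    );
    println!(
        "buggy passes width check: {}",
        nonce_requests_full_width(nonce_bytes_buggy::<CountingSource>)
    );
    println!(
        "fixed passes width check: {}",
        nonce_requests_full_width(nonce_bytes_fixed::<CountingSource>)
    );
}
```

The width check is the part worth keeping in a real code base: any routine that derives a secret scalar from a random source should be exercised against a recording RNG in its tests, with an assertion that the requested byte count equals the scalar width, so a sizing regression of this kind fails the build rather than shipping.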

The vulnerability has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating it is exploitable over the network with low complexity and no privileges or user interaction required. Attackers can recover the nonce k from any SM2-encrypted ciphertext using only the corresponding public key, allowing full decryption of the plaintext. This impacts any applications or systems relying on the affected crate versions for SM2 PKE.

Mitigation is available via the patch in commit e4f7778 (full hash e4f77788130d065d760e57fb109370827110a525), together with the related fix in commit 4781762f23ff22ab34763410f648128055c93731, both addressed through GitHub pull request #1600 in the RustCrypto/elliptic-curves repository. Users should update to a patched version beyond 0.14.0-rc.0, as indicated by the crates.io pages for the affected releases.

Vulnerability details

RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography (ECC) support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a critical vulnerability exists in the SM2 Public Key Encryption (PKE) implementation where the ephemeral nonce k is generated with severely reduced entropy. A unit mismatch error causes the nonce generation function to request only 32 bits of randomness instead of the expected 256 bits. This reduces the security of the encryption from a 128-bit level to a trivial 16-bit level, allowing a practical attack to recover the nonce k and decrypt any ciphertext given only the public key and ciphertext. This issue has been patched via commit e4f7778.

CWE(s)

CWE-331 Insufficient Entropy

Related Threats

MITRE ATT&CK Enterprise Techniques · AI

T1600.001 Reduce Key Space · Defense Impairment
Adversaries may reduce the level of effort required to decrypt data transmitted over the network by reducing the cipher strength of encrypted communications.
Why these techniques?

Directly reduces effective nonce entropy from 256 to 32 bits, enabling practical nonce recovery and decryption of SM2 ciphertexts (matches Reduce Key Space).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-22700 (same product: Rustcrypto Sm2 Elliptic Curve)
CVE-2026-22699 (same product: Rustcrypto Sm2 Elliptic Curve)
CVE-2025-13399 (shared CWE-331)
CVE-2026-23519 (same vendor: Rustcrypto)
CVE-2026-41080 (shared CWE-331)
CVE-2020-36925 (shared CWE-331)
CVE-2025-29311 (shared CWE-331)
CVE-2025-15387 (shared CWE-331)
CVE-2026-34236 (shared CWE-331)
CVE-2026-46473 (shared CWE-331)

Affected Assets

Vendor: rustcrypto
Product: sm2 elliptic curve
Version: 0.14.0

Mitigating Controls (NIST 800-53 r5) · AI

SI-2 Flaw Remediation · prevent

Directly requires timely remediation of identified flaws, such as patching the low-entropy nonce generation in the RustCrypto elliptic-curves crate's SM2 PKE implementation.

RA-5 Vulnerability Monitoring and Scanning · detect

Mandates vulnerability scanning to identify deployments using affected versions 0.14.0-pre.0 or 0.14.0-rc.0 of the RustCrypto crate vulnerable to nonce recovery attacks.

prevent

Establishes proper cryptographic key and nonce management processes, mitigating risks from insufficient entropy in ephemeral nonce k generation during SM2 encryption.
