CVE-2026-23519
Published: 15 January 2026
Summary
CVE-2026-23519 is a critical-severity Observable Timing Discrepancy (CWE-208) vulnerability in RustCrypto CMOV. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Credential Access (T1212). The CVE ranks at the 8.9th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SC-31 (Covert Channel Analysis).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly requires timely identification, reporting, and correction of flaws such as this timing side-channel vulnerability by updating the RustCrypto CMOV crate to version 0.4.4 or later.
Mandates vulnerability scanning and monitoring to identify systems using vulnerable versions of the RustCrypto CMOV crate on affected Cortex-M architectures.
Requires analysis of covert timing channels, directly addressing the non-constant-time assembly emission that enables observable discrepancies in cmovnz operations.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Timing side-channel in constant-time crypto primitive directly enables credential/key recovery via exploitation.
NVD Description
RustCrypto CMOV provides conditional move CPU intrinsics which are guaranteed on major platforms to execute in constant-time and not be rewritten as branches by the compiler. Prior to 0.4.4, the thumbv6m-none-eabi (Cortex M0, M0+ and M1) compiler emits non-constant time assembly when using cmovnz (portable version). This vulnerability is fixed in 0.4.4.
Deeper analysis
CVE-2026-23519 is a timing side-channel vulnerability in the RustCrypto CMOV crate, part of the RustCrypto/utils repository. The crate provides conditional move CPU intrinsics intended to execute in constant time on major platforms without compiler rewriting to branches. In versions prior to 0.4.4, when targeting thumbv6m-none-eabi (Cortex-M0, M0+, and M1 architectures), the compiler emits non-constant-time assembly for the portable cmovnz implementation. This violates the constant-time guarantee, mapped to CWE-208 (Observable Discrepancy) and CWE-203 (Observable Behavior), with a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Remote attackers require no privileges, authentication, or user interaction to exploit this over a network with low complexity. Exploitation involves observing timing differences in cmovnz operations, potentially allowing recovery of sensitive data such as cryptographic keys during operations relying on the crate for constant-time conditional moves. The high impact on confidentiality, integrity, and availability stems from the side-channel leakage enabling broader compromise of affected embedded systems using these targets.
The GitHub security advisory (GHSA-2gqc-6j2q-83qp) and commit 55977257e7c82a309d5e8abfdd380a774f0f9778 detail the fix in version 0.4.4, which addresses the compiler-emitted assembly issue for thumbv6m-none-eabi targets. Security practitioners should update the CMOV crate from RustCrypto/utils to 0.4.4 or later and audit Cortex-M0/M0+/M1 firmware for dependencies on vulnerable versions.
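One way to run the dependency audit recommended above, as an added example (not code from the advisory or from RustCrypto): it scans Cargo.lock text for locked cmov versions below 0.4.4 when the build target is thumbv6m-none-eabi. The crates.io package name "cmov", the function names and the sample lockfile are assumptions made for illustration; the lockfile contents are constructed.

```python
import re

FIXED = (0, 4, 4)                       # first fixed release, per this page
AFFECTED_TARGET = "thumbv6m-none-eabi"  # Cortex-M0/M0+/M1 target named in the CVE

# Constructed Cargo.lock excerpt (sample data, not taken from a real project).
SAMPLE_LOCK = '''version = 3
[[package]]
name = "cmov"
version = "0.4.3"
[[package]]
name = "cmov"
version = "0.4.4-rc.1"
[[package]]
name = "cmov"
version = "0.4.4"
[[package]]
name = "demo-firmware"
version = "0.1.0"
dependencies = ["cmov 0.4.3"]
'''

def parse_version(text):
    """Return ((major, minor, patch), is_prerelease) for a semver string."""
    core, _, pre = text.split("+", 1)[0].partition("-")
    return tuple(int(p) for p in core.split(".")), bool(pre)

def locked_packages(lock_text):
    """Yield (name, version) for every [[package]] table in Cargo.lock text."""
    for block in lock_text.split("[[package]]")[1:]:
        name = re.search(r'^name = "([^"]+)"', block, re.M)
        version = re.search(r'^version = "([^"]+)"', block, re.M)
        if name and version:
            yield name.group(1), version.group(1)

def vulnerable_cmov(lock_text, target):
    """List locked cmov versions below 0.4.4 for the affected target."""
    # The CVE as described on this page concerns only this target triple.
    if target != AFFECTED_TARGET:
        return []
    hits = []
    for name, version in locked_packages(lock_text):
        if name != "cmov":
            continue
        core, pre = parse_version(version)
        # A pre-release of 0.4.4 sorts before 0.4.4, so treat it as unfixed.
        if core < FIXED or (core == FIXED and pre):
            hits.append(version)
    return hits
```

A lockfile can pin several versions of the same crate at once, so every cmov entry is checked rather than only the first match.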
Details
- CWE(s)