Cyber Resilience

CVE-2026-32614

High

Published: 16 March 2026

Published
16 March 2026
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Score 0.0001 1.0th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-32614 is a high-severity Improper Verification of Cryptographic Signature (CWE-347) vulnerability. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Transmitted Data Manipulation (T1565.002); ranked at the 1.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-13 (Cryptographic Protection) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2026-32614 is an infinity-point ciphertext forgery vulnerability in the SM9 decryption implementation of the Go ShangMi (Commercial Cryptography) Library (GMSM), a cryptographic library supporting Chinese commercial algorithms including SM2, SM3, SM4, SM9, and ZUC. Versions prior to 0.41.1 are affected. The issue arises because the elliptic-curve point C1 in the ciphertext is deserialized and verified to lie on the curve during decryption, but the point at infinity is not explicitly rejected. This allows C1 set to the point at infinity to cause the bilinear pairing result to become the identity element in the GT group, rendering a critical part of the key derivation input predictable.

An unauthenticated attacker with network access can exploit this vulnerability with low complexity and no privileges required, as indicated by its CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). By knowing only the target user's UID, the attacker can construct a malicious ciphertext with C1 as the point at infinity, derive the decryption key material due to the predictable constant in key derivation, and forge ciphertexts that pass integrity checks, enabling integrity violations mapped to CWE-347.

The vulnerability is addressed in GMSM version 0.41.1, which fixes the SM9 decryption logic to explicitly reject the point at infinity. Additional details are available in the GitHub security advisory at https://github.com/emmansun/gmsm/security/advisories/GHSA-5xxp-2vrj-x855.

EU & UK References

Vulnerability details

Go ShangMi (Commercial Cryptography) Library (GMSM) is a cryptographic library that covers the Chinese commercial cryptographic public algorithms SM2/SM3/SM4/SM9/ZUC. Prior to 0.41.1, the current SM9 decryption implementation contains an infinity-point ciphertext forgery vulnerability. The root cause is that, during decryption,…

more

the elliptic-curve point C1 in the ciphertext is only deserialized and checked to be on the curve, but the implementation does not explicitly reject the point at infinity. In the current implementation, an attacker can construct C1 as the point at infinity, causing the bilinear pairing result to degenerate into the identity element in the GT group. As a result, a critical part of the key derivation input becomes a predictable constant. An attacker who only knows the target user's UID can derive the decryption key material and then forge a ciphertext that passes the integrity check. This vulnerability is fixed in 0.41.1.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1565.002 Transmitted Data Manipulation Impact
Adversaries may alter data en route to storage or other systems in order to manipulate external outcomes or hide activity, thus threatening the integrity of the data.
Why these techniques?

Vulnerability enables forgery of ciphertexts that pass integrity verification (CWE-347), directly facilitating transmitted data manipulation on systems using the vulnerable SM9 implementation.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-34240Shared CWE-347
CVE-2024-56161Shared CWE-347
CVE-2025-24043Shared CWE-347
CVE-2026-23687Shared CWE-347
CVE-2024-13172Shared CWE-347
CVE-2026-41669Shared CWE-347
CVE-2026-27962Shared CWE-347
CVE-2025-12006Shared CWE-347
CVE-2026-32974Shared CWE-347
CVE-2026-44714Shared CWE-347

Affected Assets

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Explicitly rejects malformed ciphertext points (including the point at infinity) during SM9 decryption input processing.

prevent

Mandates correct implementation and validation of cryptographic algorithms so that SM9 bilinear pairing and key derivation cannot be forced to degenerate.

detect

Verifies integrity of protected information and detects forged ciphertexts that would otherwise pass the SM9 integrity check.

References