CVE-2026-32614

High

Published: 16 March 2026

Published

16 March 2026

Modified

15 April 2026

KEV Added

—

Patch

—

CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS Score 0.0001 0.9th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-32614 is a high-severity Improper Verification of Cryptographic Signature (CWE-347) vulnerability. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Transmitted Data Manipulation (T1565.002); ranked at the 0.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

Threat & Defense at a Glance

What attackers do: exploitation maps to Transmitted Data Manipulation (T1565.002).

Threat & Defense Details

Likely Mitigating ControlsAI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

CM-14 Signed Components

addresses: CWE-347

Requires verification of digital signatures using organization-approved certificates before installation, directly preventing improper verification of cryptographic signatures.

SA-19 Component Authenticity

addresses: CWE-347

Component authenticity commonly depends on cryptographic signatures; the control enforces proper verification of those signatures.

SC-17 Public Key Infrastructure Certificates

addresses: CWE-347

PKI certificates under an approved policy require cryptographic signature verification on issuance and validation.

SC-20 Secure Name/Address Resolution Service (Authoritative Source)

addresses: CWE-347

Requires cryptographic signatures on authoritative data and support for verifying the chain of trust.

SC-21 Secure Name/Address Resolution Service (Recursive or Caching Resolver)

addresses: CWE-347

Mandates verification of cryptographic signatures (e.g., DNSSEC RRSIG) on resolution responses, addressing missing or bypassed signature checks.

SI-7 Software, Firmware, and Information Integrity

addresses: CWE-347

Integrity tools commonly rely on cryptographic signatures whose improper validation this weakness covers.

SR-11 Component Authenticity

addresses: CWE-347

Authenticity validation commonly relies on cryptographic signature or certificate checks that this control enforces.

MITRE ATT&CK Enterprise TechniquesAI

T1565.002 Transmitted Data Manipulation Impact

Adversaries may alter data en route to storage or other systems in order to manipulate external outcomes or hide activity, thus threatening the integrity of the data.

attack.mitre.org →

Why these techniques?

Vulnerability enables forgery of ciphertexts that pass integrity verification (CWE-347), directly facilitating transmitted data manipulation on systems using the vulnerable SM9 implementation.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

Go ShangMi (Commercial Cryptography) Library (GMSM) is a cryptographic library that covers the Chinese commercial cryptographic public algorithms SM2/SM3/SM4/SM9/ZUC. Prior to 0.41.1, the current SM9 decryption implementation contains an infinity-point ciphertext forgery vulnerability. The root cause is that, during decryption,…

the elliptic-curve point C1 in the ciphertext is only deserialized and checked to be on the curve, but the implementation does not explicitly reject the point at infinity. In the current implementation, an attacker can construct C1 as the point at infinity, causing the bilinear pairing result to degenerate into the identity element in the GT group. As a result, a critical part of the key derivation input becomes a predictable constant. An attacker who only knows the target user's UID can derive the decryption key material and then forge a ciphertext that passes the integrity check. This vulnerability is fixed in 0.41.1.

Deeper analysisAI

CVE-2026-32614 is an infinity-point ciphertext forgery vulnerability in the SM9 decryption implementation of the Go ShangMi (Commercial Cryptography) Library (GMSM), a cryptographic library supporting Chinese commercial algorithms including SM2, SM3, SM4, SM9, and ZUC. Versions prior to 0.41.1 are affected. The issue arises because the elliptic-curve point C1 in the ciphertext is deserialized and verified to lie on the curve during decryption, but the point at infinity is not explicitly rejected. This allows C1 set to the point at infinity to cause the bilinear pairing result to become the identity element in the GT group, rendering a critical part of the key derivation input predictable.

An unauthenticated attacker with network access can exploit this vulnerability with low complexity and no privileges required, as indicated by its CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). By knowing only the target user's UID, the attacker can construct a malicious ciphertext with C1 as the point at infinity, derive the decryption key material due to the predictable constant in key derivation, and forge ciphertexts that pass integrity checks, enabling integrity violations mapped to CWE-347.

The vulnerability is addressed in GMSM version 0.41.1, which fixes the SM9 decryption logic to explicitly reject the point at infinity. Additional details are available in the GitHub security advisory at https://github.com/emmansun/gmsm/security/advisories/GHSA-5xxp-2vrj-x855.

Details

CWE(s): CWE-347

CVEs Like This One

CVE-2025-27773Shared CWE-347

CVE-2026-5466Shared CWE-347

CVE-2026-40372Shared CWE-347

CVE-2026-38651Shared CWE-347

CVE-2026-34377Shared CWE-347

CVE-2026-20997Shared CWE-347

CVE-2025-23206Shared CWE-347

CVE-2025-52648Shared CWE-347

CVE-2026-24032Shared CWE-347

CVE-2025-36418Shared CWE-347

References

https://github.com/emmansun/gmsm/security/advisories/GHSA-5xxp-2vrj-x855
security-advisories@github.com