CVE-2026-32614
Published: 16 March 2026
Summary
CVE-2026-32614 is a high-severity Improper Verification of Cryptographic Signature (CWE-347) vulnerability. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Transmitted Data Manipulation (T1565.002); ranked at the 1.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-13 (Cryptographic Protection) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2026-32614 is an infinity-point ciphertext forgery vulnerability in the SM9 decryption implementation of the Go ShangMi (Commercial Cryptography) Library (GMSM), a cryptographic library supporting Chinese commercial algorithms including SM2, SM3, SM4, SM9, and ZUC. Versions prior to 0.41.1 are affected. The issue arises because the elliptic-curve point C1 in the ciphertext is deserialized and verified to lie on the curve during decryption, but the point at infinity is not explicitly rejected. This allows C1 set to the point at infinity to cause the bilinear pairing result to become the identity element in the GT group, rendering a critical part of the key derivation input predictable.
An unauthenticated attacker with network access can exploit this vulnerability with low complexity and no privileges required, as indicated by its CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). By knowing only the target user's UID, the attacker can construct a malicious ciphertext with C1 as the point at infinity, derive the decryption key material due to the predictable constant in key derivation, and forge ciphertexts that pass integrity checks, enabling integrity violations mapped to CWE-347.
The vulnerability is addressed in GMSM version 0.41.1, which fixes the SM9 decryption logic to explicitly reject the point at infinity. Additional details are available in the GitHub security advisory at https://github.com/emmansun/gmsm/security/advisories/GHSA-5xxp-2vrj-x855.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-12101
Vulnerability details
Go ShangMi (Commercial Cryptography) Library (GMSM) is a cryptographic library that covers the Chinese commercial cryptographic public algorithms SM2/SM3/SM4/SM9/ZUC. Prior to 0.41.1, the current SM9 decryption implementation contains an infinity-point ciphertext forgery vulnerability. The root cause is that, during decryption,…
more
the elliptic-curve point C1 in the ciphertext is only deserialized and checked to be on the curve, but the implementation does not explicitly reject the point at infinity. In the current implementation, an attacker can construct C1 as the point at infinity, causing the bilinear pairing result to degenerate into the identity element in the GT group. As a result, a critical part of the key derivation input becomes a predictable constant. An attacker who only knows the target user's UID can derive the decryption key material and then forge a ciphertext that passes the integrity check. This vulnerability is fixed in 0.41.1.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Vulnerability enables forgery of ciphertexts that pass integrity verification (CWE-347), directly facilitating transmitted data manipulation on systems using the vulnerable SM9 implementation.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Explicitly rejects malformed ciphertext points (including the point at infinity) during SM9 decryption input processing.
Mandates correct implementation and validation of cryptographic algorithms so that SM9 bilinear pairing and key derivation cannot be forced to degenerate.
Verifies integrity of protected information and detects forged ciphertexts that would otherwise pass the SM9 integrity check.