CVE-2026-26958 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2026-26958 Interim 1 1 2026-03-05T00:15:23Z current 2026-03-05T00:15:23Z 2026-03-05T00:15:23Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2026-26958 filippo.io/edwards25519 is a Go library implementing the edwards25519 elliptic curve with APIs for building cryptographic primitives. In versions 1.1.0 and earlier, MultiScalarMult produces invalid results or undefined behavior if the receiver is not the identity point. If (*Point).MultiScalarMult is called on an initialized point that is not the identity point, it returns an incorrect result. If the method is called on an uninitialized point, the behavior is undefined. In particular, if the receiver is the zero value, MultiScalarMult returns an invalid point that compares Equal to every other point. Note that MultiScalarMult is a rarely used, advanced API. For example, users who depend on filippo.io/edwards25519 only through github.com/go-sql-driver/mysql are not affected. This issue has been fixed in version 1.1.1. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2026-March/024527.html E-Mail link for SUSE-SU-2026:0757-1 https://lists.suse.com/pipermail/sle-security-updates/2026-March/024541.html E-Mail link for SUSE-SU-2026:0777-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Module for Basesystem 15 SP7 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS SUSE Linux Enterprise Module for Basesystem 15 SP7 SUSE Linux Enterprise Module for Package Hub 15 SP7 SUSE Linux Enterprise Server 15 SP4-LTSS SUSE Linux Enterprise Server 15 SP4-TERADATA SUSE Linux Enterprise Server 15 SP5-LTSS SUSE Linux Enterprise Server 15 SP6-LTSS SUSE Linux Enterprise Module for Basesystem 15 SP7 SUSE Linux Enterprise Server 16.0 SUSE Linux Enterprise Server Teradata 15 SP4 SUSE Linux Enterprise Server for SAP Applications 15 SP4 SUSE Linux Enterprise Server for SAP Applications 15 SP5 SUSE Linux Enterprise Server for SAP Applications 15 SP6 SUSE Linux Enterprise Module for Basesystem 15 SP7 SUSE Linux Enterprise Server for SAP applications 16.0 SUSE Manager Client Tools for SLE 12 SUSE Manager Client Tools for SLE 15 SUSE Multi-Linux Manager Client Tools for SLE 12 SUSE Multi-Linux Manager Client Tools for SLE 15 openSUSE Leap 15.6 openSUSE Tumbleweed alloy cosign cosign-3.0.5-1.1 cosign-3.0.5-150400.3.35.1 cosign-bash-completion-3.0.5-1.1 cosign-bash-completion-3.0.5-150400.3.35.1 cosign-fish-completion-3.0.5-1.1 cosign-zsh-completion-3.0.5-1.1 cosign-zsh-completion-3.0.5-150400.3.35.1 grafana rekor vexctl cosign-3.0.5-150400.3.35.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 cosign-bash-completion-3.0.5-150400.3.35.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 cosign-zsh-completion-3.0.5-150400.3.35.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 cosign-3.0.5-150400.3.35.1 as a component of SUSE Linux Enterprise Server 15 SP4-TERADATA cosign-3.0.5-150400.3.35.1 as a component of openSUSE Leap 15.6 cosign-3.0.5-1.1 as a component of openSUSE Tumbleweed cosign-bash-completion-3.0.5-1.1 as a component of openSUSE Tumbleweed cosign-fish-completion-3.0.5-1.1 as a component of openSUSE Tumbleweed cosign-zsh-completion-3.0.5-1.1 as a component of openSUSE Tumbleweed cosign as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS rekor as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS cosign as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS rekor as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS alloy as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 rekor as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 grafana as a component of SUSE Linux Enterprise Module for Package Hub 15 SP7 cosign as a component of SUSE Linux Enterprise Server 15 SP4-LTSS rekor as a component of SUSE Linux Enterprise Server 15 SP4-LTSS cosign as a component of SUSE Linux Enterprise Server 15 SP5-LTSS rekor as a component of SUSE Linux Enterprise Server 15 SP5-LTSS cosign as a component of SUSE Linux Enterprise Server 15 SP6-LTSS rekor as a component of SUSE Linux Enterprise Server 15 SP6-LTSS alloy as a component of SUSE Linux Enterprise Server 16.0 cosign as a component of SUSE Linux Enterprise Server 16.0 rekor as a component of SUSE Linux Enterprise Server 16.0 vexctl as a component of SUSE Linux Enterprise Server 16.0 rekor as a component of SUSE Linux Enterprise Server Teradata 15 SP4 cosign as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP4 rekor as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP4 cosign as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 rekor as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 cosign as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP6 rekor as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP6 alloy as a component of SUSE Linux Enterprise Server for SAP applications 16.0 cosign as a component of SUSE Linux Enterprise Server for SAP applications 16.0 rekor as a component of SUSE Linux Enterprise Server for SAP applications 16.0 vexctl as a component of SUSE Linux Enterprise Server for SAP applications 16.0 grafana as a component of SUSE Manager Client Tools for SLE 12 grafana as a component of SUSE Manager Client Tools for SLE 15 grafana as a component of SUSE Multi-Linux Manager Client Tools for SLE 12 grafana as a component of SUSE Multi-Linux Manager Client Tools for SLE 15 grafana as a component of openSUSE Leap 15.6 rekor as a component of openSUSE Leap 15.6 vexctl as a component of openSUSE Leap 15.6 filippo.io/edwards25519 is a Go library implementing the edwards25519 elliptic curve with APIs for building cryptographic primitives. In versions 1.1.0 and earlier, MultiScalarMult produces invalid results or undefined behavior if the receiver is not the identity point. If (*Point).MultiScalarMult is called on an initialized point that is not the identity point, it returns an incorrect result. If the method is called on an uninitialized point, the behavior is undefined. In particular, if the receiver is the zero value, MultiScalarMult returns an invalid point that compares Equal to every other point. Note that MultiScalarMult is a rarely used, advanced API. For example, users who depend on filippo.io/edwards25519 only through github.com/go-sql-driver/mysql are not affected. This issue has been fixed in version 1.1.1. CVE-2026-26958 SUSE Linux Enterprise Module for Basesystem 15 SP7:cosign-3.0.5-150400.3.35.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:cosign-bash-completion-3.0.5-150400.3.35.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:cosign-zsh-completion-3.0.5-150400.3.35.1 SUSE Linux Enterprise Server 15 SP4-TERADATA:cosign-3.0.5-150400.3.35.1 openSUSE Leap 15.6:cosign-3.0.5-150400.3.35.1 openSUSE Tumbleweed:cosign-3.0.5-1.1 openSUSE Tumbleweed:cosign-bash-completion-3.0.5-1.1 openSUSE Tumbleweed:cosign-fish-completion-3.0.5-1.1 openSUSE Tumbleweed:cosign-zsh-completion-3.0.5-1.1 moderate 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L