Medium severityGHSA Advisory· Published May 13, 2026· Updated May 14, 2026
CVE-2026-44368
CVE-2026-44368
Description
PyQuorum is a cryptographic library for secret sharing and key management. Prior to 0.2.1, the mul_mod function implements multiplication via a binary expansion loop whose execution time depends on the Hamming weight of the second operand (the exponent). An attacker who can measure the time of secret‑sharing operations (e.g., via a remote service) could progressively recover the values of shares, ultimately leading to secret reconstruction. This vulnerability is fixed in 0.2.1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
pyquorumPyPI | < 0.2.1 | 0.2.1 |
Affected products
2Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-7r92-3jgr-r65qghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-44368ghsaADVISORY
- github.com/svvqt/pyquorum/commit/1e9ac41dd3c305c13d7a6b7d227bf325be82d730ghsaWEB
- github.com/svvqt/pyquorum/releases/tag/v0.2.1ghsaWEB
- github.com/svvqt/pyquorum/security/advisories/GHSA-7r92-3jgr-r65qnvdWEB
News mentions
0No linked articles in our index yet.