CVE-2026-46654
Plonky3 is a toolkit for polynomial IOPs (PIOPs)
Published: 2026-06-10 · Last updated: 2026-06-10
Severity and scoring
- CWE
- CWE-1240, CWE-345
Description
Plonky3 is a toolkit for polynomial IOPs (PIOPs). Prior to versions 0.4.3 and 0.5.3, an attacker controlling prover-side observations can craft distinct transcripts that produce identical challenges, breaking the binding property of Fiat-Shamir. This issue has been patched in versions 0.4.3 and 0.5.3.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-48096 — OpenFGA is an authorization/permission engine built for developers (5.0 MEDIUM)
- CVE-2026-46539 — Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm (5.9 MEDIUM)
- CVE-2026-7792 — The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Insuf... (5.3 MEDIUM)
- CVE-2026-8608 — The Event Monster – Event Management, Events Calendar, Tickets plugin for WordPress is vulnerable to Insufficient Verification of Data Au... (5.3 MEDIUM)
- CVE-2026-50214 — The /v1/Plan service relies entirely on a shared global API token for full administrative management, allowing arbitrary creation of zero... (9.8 CRITICAL)