CVE-2026-23965 Overview
CVE-2026-23965 is a signature forgery vulnerability affecting the sm-crypto JavaScript library, which provides implementations of Chinese cryptographic algorithms SM2, SM3, and SM4. A critical flaw exists in the SM2 signature verification logic that allows attackers to forge valid signatures for arbitrary public keys under default configurations. When the message space contains sufficient redundancy, attackers can manipulate the message prefix associated with forged signatures to satisfy specific formatting requirements, potentially enabling authentication bypass and data integrity compromise.
Critical Impact
Attackers can forge valid cryptographic signatures for arbitrary public keys, undermining the fundamental security guarantees of SM2 digital signatures and enabling potential authentication bypass in systems relying on this library.
Affected Products
- sm-crypto versions prior to 0.4.0
- Applications using sm-crypto for SM2 signature verification
- Systems implementing Chinese cryptographic standards via sm-crypto
Discovery Timeline
- 2026-01-22 - CVE-2026-23965 published to NVD
- 2026-01-22 - Last updated in NVD database
Technical Details for CVE-2026-23965
Vulnerability Analysis
The vulnerability stems from improper verification of cryptographic signatures in the SM2 implementation (CWE-347: Improper Verification of Cryptographic Signature). The flaw exists in the default configuration of the doSignature function within src/sm2/index.js, where the hash parameter defaults to an insecure value that allows signature forgery attacks.
SM2 is part of the Chinese Commercial Cryptography Suite and is widely used in applications requiring compliance with Chinese cryptographic standards. The signature verification process in vulnerable versions of sm-crypto fails to properly validate that signatures were generated by the claimed private key holder, allowing attackers to construct signatures that pass verification checks without possessing the corresponding private key.
Root Cause
The root cause of this vulnerability is the insecure default value for the hash parameter in the signature functions. Prior to version 0.4.0, the hash parameter was not explicitly set to true by default, causing the signature verification logic to accept forged signatures. This oversight in the cryptographic implementation allows attackers to exploit the mathematical properties of the SM2 algorithm to construct valid-looking signatures without knowledge of the private key.
Attack Vector
This vulnerability is exploitable over the network without requiring any authentication or user interaction. An attacker can craft malicious signatures that will be accepted as valid by any application using vulnerable versions of sm-crypto for SM2 signature verification. The attack is particularly dangerous in scenarios where:
- SM2 signatures are used for authentication or authorization decisions
- Message integrity relies on SM2 signature verification
- The message format allows for controlled redundancy that attackers can exploit
The security patch modifies the default behavior by setting hash = true in the function signature:
* 签名
*/
function doSignature(msg, privateKey, {
- pointPool, der, hash, publicKey, userId
+ pointPool, der, hash = true, publicKey, userId
} = {}) {
let hashHex = typeof msg === 'string' ? _.utf8ToHex(msg) : _.arrayToHex(msg)
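Review bot: the hunk only changes the default in doSignature, while the advisory text describes a flaw in signature verification; confirm that doVerifySignature receives the same `hash = true` default in this commit, otherwise the library will sign with hashing on and verify with hashing off by default and previously working sign/verify round trips will fail. The JSDoc block above the function (`* 签名` / `*/`) should also state that hash now defaults to true and that passing `hash: false` is unsafe, since callers reading only the doc comment will not see the changed default in the destructured parameter list.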
Source: GitHub Commit
Detection Methods for CVE-2026-23965
Indicators of Compromise
- Unusual authentication events with valid signatures from unknown or suspicious sources
- Signature verification successes for messages that should fail validation
- Application logs showing SM2 signature operations with unexpected parameter configurations
- Evidence of signature replay or manipulation in transaction logs
Detection Strategies
- Audit application dependencies for sm-crypto versions prior to 0.4.0
- Review code paths using the doSignature and doVerifySignature functions for explicit hash parameter settings
- Implement monitoring for signature verification patterns that deviate from normal application behavior
- Use software composition analysis (SCA) tools to identify vulnerable sm-crypto installations
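The two dependency and code-path checks above (sm-crypto version below 0.4.0, and doSignature / doVerifySignature call sites without an explicit hash: true) can be scripted for CI. The following is an added example and not code from the sm-crypto project or from this advisory; it assumes an npm package-lock.json layout (lockfile v2/v3 "packages" map or v1 "dependencies" map) and uses a regex over JavaScript source as a heuristic, so minified or dynamically built option objects still need manual review. The lock file and source below are constructed sample inputs.

```javascript
// Added example (not sm-crypto project code): two static checks a defender
// can run in CI against a repository that depends on sm-crypto.
//   1. isVulnerableVersion: flags sm-crypto versions below 0.4.0 (the fixed release).
//   2. findUnhardenedCalls: flags doSignature / doVerifySignature call sites
//      whose options object does not literally contain `hash: true`.

const FIXED_VERSION = [0, 4, 0];

// Parse "0.3.13", "^0.3.13", "~0.3.13", "=0.3.13" into [major, minor, patch].
// Any other range syntax returns null so the caller reports "review manually"
// instead of silently treating the package as safe.
function parseVersion(spec) {
  const m = /^[\^~=]?v?(\d+)\.(\d+)\.(\d+)/.exec(String(spec).trim());
  if (!m) return null;
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

// true = below 0.4.0, false = 0.4.0 or later, null = could not parse the spec.
function isVulnerableVersion(spec) {
  const v = parseVersion(spec);
  if (v === null) return null;
  for (let i = 0; i < 3; i++) {
    if (v[i] < FIXED_VERSION[i]) return true;
    if (v[i] > FIXED_VERSION[i]) return false;
  }
  return false; // exactly 0.4.0
}

// Return the installed sm-crypto version recorded in a package-lock.json,
// or null if the package is not present.
function installedSmCryptoVersion(lockJson) {
  const lock = JSON.parse(lockJson);
  const pkg = lock.packages && lock.packages['node_modules/sm-crypto'];
  if (pkg && pkg.version) return pkg.version;
  const dep = lock.dependencies && lock.dependencies['sm-crypto'];
  return dep && dep.version ? dep.version : null;
}

// Scan JavaScript source for doSignature(...) / doVerifySignature(...) calls
// and return the ones whose argument list lacks a literal `hash: true`.
// Each record is { line, fn, hardened }.
function findUnhardenedCalls(source) {
  const results = [];
  const callRe = /\b(doSignature|doVerifySignature)\s*\(/g;
  let m;
  while ((m = callRe.exec(source)) !== null) {
    // Walk forward to the matching close paren, tracking nesting depth,
    // so multi-line calls and nested option objects are captured whole.
    let depth = 1;
    let i = callRe.lastIndex;
    while (i < source.length && depth > 0) {
      if (source[i] === '(') depth++;
      else if (source[i] === ')') depth--;
      i++;
    }
    const args = source.slice(callRe.lastIndex, i - 1);
    const hardened = /\bhash\s*:\s*true\b/.test(args);
    const line = source.slice(0, m.index).split('\n').length;
    results.push({ line, fn: m[1], hardened });
  }
  return results.filter(r => !r.hardened);
}

// Constructed sample inputs: a lock file pinning a pre-fix release and a
// source file with two call sites that rely on the library default.
const SAMPLE_LOCK = JSON.stringify({
  lockfileVersion: 3,
  packages: { 'node_modules/sm-crypto': { version: '0.3.13' } },
});

const SAMPLE_SOURCE = `
const { sm2 } = require('sm-crypto');
const sig = sm2.doSignature(msg, privateKey, { hash: true, userId });
const ok1 = sm2.doVerifySignature(msg, sig, publicKey, { userId });
const ok2 = sm2.doVerifySignature(msg, sig, publicKey);
const ok3 = sm2.doVerifySignature(
  msg, sig, publicKey, { der: true, hash: true });
`;

function runAudit(lockJson, source) {
  const version = installedSmCryptoVersion(lockJson);
  return {
    version,
    vulnerableVersion: version === null ? null : isVulnerableVersion(version),
    unhardenedCalls: findUnhardenedCalls(source),
  };
}

console.log(JSON.stringify(runAudit(SAMPLE_LOCK, SAMPLE_SOURCE), null, 2));
```

On the sample input the audit reports version 0.3.13 as vulnerable and flags the two doVerifySignature calls on lines 4 and 5; the multi-line call on lines 6-7 passes because its options contain hash: true. A null version result means the spec could not be parsed and should be reviewed by hand.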
Monitoring Recommendations
- Enable detailed logging for all cryptographic signature operations in applications using sm-crypto
- Monitor for anomalous patterns in signature verification success rates
- Set up alerts for authentication events from unexpected geographic locations or IP addresses
- Implement integrity monitoring for npm package versions in deployed environments
How to Mitigate CVE-2026-23965
Immediate Actions Required
- Upgrade sm-crypto to version 0.4.0 or later immediately
- Audit all code using sm-crypto signature functions and explicitly set hash: true if upgrading is not immediately possible
- Review historical signature verification logs for potential exploitation
- Regenerate and reissue any credentials or certificates that relied on SM2 signatures from vulnerable implementations
Patch Information
The vulnerability has been addressed in sm-crypto version 0.4.0. The fix modifies the default value of the hash parameter to true in the doSignature function, ensuring that signature verification operates securely by default. Users should upgrade to this version or later to remediate the vulnerability.
For more details, see the GitHub Security Advisory and the patch commit.
Workarounds
- If immediate upgrade is not possible, explicitly pass hash: true to all doSignature and doVerifySignature function calls
- Implement additional signature validation layers outside of sm-crypto as a defense-in-depth measure
- Consider temporarily using an alternative SM2 implementation until the upgrade can be completed
- Restrict network access to services using vulnerable sm-crypto installations
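One way to apply the first workaround consistently, rather than auditing every call site, is to route all sm-crypto signature calls through a wrapper that sets hash: true itself and rejects any caller that tries to turn it off. The code below is an added example, not sm-crypto project code or code from this advisory; it assumes the library's call shapes doSignature(msg, privateKey, options) and doVerifySignature(msg, signHex, publicKey, options). The recording object and the key strings in demo() are constructed placeholders so the example runs without the library installed.

```javascript
// Added example (not sm-crypto project code): a wrapper that forces hash: true
// on every sm2 call so that neither a caller nor a vulnerable library default
// can silently disable message hashing. `sm2` is expected to be the object
// returned by require('sm-crypto').sm2 (call shapes assumed, see lead-in).

function hardenSm2(sm2) {
  function forceHash(opts) {
    const o = Object.assign({}, opts);
    // Fail closed: an explicit hash: false is a bug or an attack, not a preference.
    if (Object.prototype.hasOwnProperty.call(o, 'hash') && o.hash !== true) {
      throw new Error('sm2 options: hash must be true (CVE-2026-23965 workaround)');
    }
    o.hash = true;
    return o;
  }
  return {
    sign(msg, privateKey, opts) {
      return sm2.doSignature(msg, privateKey, forceHash(opts));
    },
    verify(msg, signHex, publicKey, opts) {
      return sm2.doVerifySignature(msg, signHex, publicKey, forceHash(opts));
    },
  };
}

// Constructed stand-in for the library: it records the options each call
// receives so the wrapper's behaviour can be checked without sm-crypto.
function recordingSm2() {
  const calls = [];
  return {
    calls,
    doSignature(msg, privateKey, opts) {
      calls.push({ fn: 'doSignature', opts });
      return 'SIGNATURE_HEX_PLACEHOLDER';
    },
    doVerifySignature(msg, signHex, publicKey, opts) {
      calls.push({ fn: 'doVerifySignature', opts });
      return true;
    },
  };
}

// Drive the wrapper through a normal round trip and one rejected call.
// Returns the recorded calls plus whether the unsafe call was refused.
function demo() {
  const rec = recordingSm2();
  const safe = hardenSm2(rec);
  safe.sign('hello', 'PRIVATE_KEY_HEX_PLACEHOLDER', { der: true });
  safe.verify('hello', 'SIGNATURE_HEX_PLACEHOLDER', 'PUBLIC_KEY_HEX_PLACEHOLDER');
  let rejected = false;
  try {
    safe.verify('hello', 'SIGNATURE_HEX_PLACEHOLDER', 'PUBLIC_KEY_HEX_PLACEHOLDER', { hash: false });
  } catch (e) {
    rejected = true;
  }
  return { calls: rec.calls, rejected };
}

console.log(JSON.stringify(demo(), null, 2));
```

Because the unsafe call throws before reaching the library, the recorded call list contains only the two hardened calls, each carrying hash: true alongside whatever other options (der, userId) the caller supplied. After upgrading to 0.4.0 the wrapper remains useful as a guard against a future caller passing hash: false.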
# Upgrade sm-crypto to the patched version (0.4.0 or later)
npm install sm-crypto@^0.4.0
# Verify the installed version
npm list sm-crypto
# Alternative: audit all installed packages for known vulnerable versions
npm audit
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.