CVE-2026-23966 Overview
CVE-2026-23966 is a critical cryptographic vulnerability affecting sm-crypto, a JavaScript library that provides implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A private key recovery vulnerability exists in the SM2 decryption logic of sm-crypto prior to version 0.3.14. By interacting with the SM2 decryption interface multiple times, an attacker can fully recover the private key within approximately several hundred interactions.
Critical Impact
An attacker can fully recover SM2 private keys by repeatedly interacting with the decryption interface, leading to complete compromise of encrypted communications and data confidentiality.
Affected Products
- sm-crypto versions prior to 0.3.14
- Applications using sm-crypto for SM2 encryption/decryption operations
- Systems relying on sm-crypto for Chinese cryptographic algorithm implementations
Discovery Timeline
- 2026-01-22 - CVE CVE-2026-23966 published to NVD
- 2026-01-22 - Last updated in NVD database
Technical Details for CVE-2026-23966
Vulnerability Analysis
This vulnerability is classified under CWE-345 (Insufficient Verification of Data Authenticity). The flaw resides in the SM2 decryption implementation within the sm-crypto library, where insufficient validation of input data during decryption operations allows an attacker to exploit the cryptographic oracle. Through repeated interactions with the decryption interface, information is leaked that can be mathematically combined to reconstruct the private key.
The SM2 algorithm is a public key cryptographic standard mandated for use in China and is based on elliptic curve cryptography. When implementing decryption operations, it is critical that implementations do not reveal any information about the private key through error messages, timing differences, or other side-channel information. The vulnerable versions of sm-crypto fail to adequately protect against such information leakage during decryption operations.
Root Cause
The root cause of this vulnerability stems from insufficient verification of data authenticity during the SM2 decryption process. The implementation does not properly validate or sanitize inputs before processing them through the cryptographic decryption routine, creating an oracle that attackers can exploit. This allows an attacker to submit specially crafted ciphertexts and observe the decryption behavior, gradually extracting information about the private key with each interaction.
Attack Vector
The attack is network-accessible and requires no authentication or user interaction. An attacker with access to the SM2 decryption interface can submit multiple carefully crafted ciphertexts and analyze the responses. Through approximately several hundred interactions, the attacker can mathematically derive the complete private key. This attack pattern is similar to other cryptographic oracle attacks where repeated queries to a decryption function leak information about the secret key material.
The vulnerability mechanism involves exploiting the decryption interface as an oracle. When malformed or specially constructed ciphertexts are submitted, the decryption implementation reveals partial information about the private key through its responses. By collecting sufficient observations and applying mathematical analysis, an attacker can reconstruct the entire private key. For detailed technical information about the vulnerability and the fix, see the GitHub Security Advisory.
Detection Methods for CVE-2026-23966
Indicators of Compromise
- Unusually high volume of SM2 decryption requests from a single source
- Repeated decryption failures or error responses indicating malformed ciphertext submissions
- Sequential or patterned decryption requests that suggest systematic probing
- Anomalous traffic patterns targeting cryptographic API endpoints
Detection Strategies
- Monitor application logs for excessive decryption operation calls from single clients
- Implement rate limiting on decryption endpoints and alert on threshold violations
- Deploy application-level intrusion detection to identify cryptographic oracle attack patterns
- Audit dependencies for vulnerable sm-crypto versions using software composition analysis tools
Monitoring Recommendations
- Configure logging to capture all SM2 decryption operations with source identification
- Implement anomaly detection for cryptographic operation frequency and patterns
- Set up alerts for dependency scanning tools to flag vulnerable sm-crypto versions
- Monitor for unusual error rates in cryptographic operations that may indicate probing attempts
How to Mitigate CVE-2026-23966
Immediate Actions Required
- Upgrade sm-crypto to version 0.3.14 or later immediately
- Audit all applications and services using sm-crypto for affected versions
- Consider rotating SM2 key pairs if there is evidence of exploitation
- Review access logs for any suspicious patterns of decryption requests
Patch Information
The vulnerability has been patched in sm-crypto version 0.3.14. The fix is available in the GitHub commit. Organizations should update their package dependencies to pull in the patched version.
Workarounds
- Implement strict rate limiting on SM2 decryption endpoints to slow potential attacks
- Add IP-based throttling for decryption requests to limit interaction frequency
- Consider temporarily disabling SM2 decryption functionality if not critical until patching is complete
- Deploy network-level access controls to restrict decryption API access to trusted sources only
# Update sm-crypto to patched version
npm update sm-crypto@0.3.14
# Or specify exact version in package.json
npm install sm-crypto@0.3.14 --save-exact
# Verify installed version
npm list sm-crypto
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
