What is the severity of CVE-2026-23967?

CVE-2026-23967 has a CVSS v3 score of 7.5, which is classified as High severity.

Is there an exploit available for CVE-2026-23967?

No known public exploits are currently available for CVE-2026-23967.

Is there a patch available for CVE-2026-23967?

Yes, patches are available for CVE-2026-23967. Check the vendor advisories for update instructions.

CVE-2026-23967 - CVE Details, Severity, and Analysis

Q: What is CVE-2026-23967?

### Summary A signature malleability vulnerability exists in the SM2 signature verification logic of the sm-crypto library. An attacker can derive a new valid signature for a previously signed message from an existing signature. ### Credit This vulnerability was discovered by: - XlabAI Team of Tencent Xuanwu Lab - Atuin Automated Vulnerability Discovery Engine

Published: January 26, 2026

Last updated:17 hours ago (January 26, 2026)

Updated January 26, 2026

no major risk factors

Summary

A signature malleability vulnerability exists in the SM2 signature verification logic of the sm-crypto library. An attacker can derive a new valid signature for a previously signed message from an existing signature.

Credit

This vulnerability was discovered by:

XlabAI Team of Tencent Xuanwu Lab
Atuin Automated Vulnerability Discovery Engine

Strobes VI. (2026). CVE-2026-23967 - CVE Details and Analysis. Strobes VI. Retrieved January 27, 2026, from https://vi.strobes.co/cve/CVE-2026-23967