CVE-2026-40323: SP1 V6 Recursion Circuit Row-Count Binding Gap

April 14, 2026

A soundness vulnerability in the SP1 V6 recursive shard verifier allows a malicious prover to construct a recursive proof from a shard proof that the native verifier would reject.

Affected versions: >= 6.0.0, <= 6.0.2
Not affected: SP1 V5 (all versions)
Severity: High

References

github.com/advisories/GHSA-63x8-x938-vx33
github.com/succinctlabs/sp1
github.com/succinctlabs/sp1/releases/tag/v6.1.0
github.com/succinctlabs/sp1/security/advisories/GHSA-63x8-x938-vx33
nvd.nist.gov/vuln/detail/CVE-2026-40323

Code Behaviors & Features

Detect and mitigate CVE-2026-40323 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →