GHSA-x3ff-w252-2g7j: StableLib Ed25519 Signature Malleability via Missing S < L Check

April 1, 2026 (updated April 7, 2026)

Signature malleability: Given any valid signature, an attacker can produce a second distinct valid signature for the same message without knowing the private key
Transaction ID collision: Applications using signature bytes as unique identifiers (e.g., blockchain transaction IDs) are vulnerable to replay/double-spend attacks
Deduplication bypass: Systems deduplicating by signature value accept the same message twice with different “signatures”
Same vulnerability class as node-forge CVE-2026-33895 (GHSA-q67f-28xg-22rw), rated HIGH

References

github.com/StableLib/stablelib
github.com/StableLib/stablelib/security/advisories/GHSA-x3ff-w252-2g7j
github.com/advisories/GHSA-x3ff-w252-2g7j

Code Behaviors & Features

Detect and mitigate GHSA-x3ff-w252-2g7j with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →