CVE-2026-44368: pyquorum: Timing side‑channel in mul_mod

May 6, 2026

The mul_mod function implements multiplication via a binary expansion loop whose execution time depends on the Hamming weight of the second operand (the exponent). An attacker who can measure the time of secret‑sharing operations (e.g., via a remote service) could progressively recover the values of shares, ultimately leading to secret reconstruction.

References

github.com/advisories/GHSA-7r92-3jgr-r65q
github.com/svvqt/pyquorum
github.com/svvqt/pyquorum/commit/1e9ac41dd3c305c13d7a6b7d227bf325be82d730
github.com/svvqt/pyquorum/releases/tag/v0.2.1
github.com/svvqt/pyquorum/security/advisories/GHSA-7r92-3jgr-r65q
nvd.nist.gov/vuln/detail/CVE-2026-44368

Code Behaviors & Features

Detect and mitigate CVE-2026-44368 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →