HarborGuardharborguardDatabase
Back to search
HIGHCVE-2026-46654Published Modified CNA GitHub_M

CVE-2026-46654: Plonky3 MultiField32Challenger: transcript malleability and challenge entropy loss

Plonky3 is a toolkit for polynomial IOPs (PIOPs). Prior to versions 0.4.3 and 0.5.3, an attacker controlling prover-side observations can craft distinct transcripts that produce identical challenges, breaking the binding property of Fiat-Shamir. This issue has been patched in versions 0.4.3 and 0.5.3.

Metrics

CVSS v4.0
8.9
Severity
HIGH
Fixed in
Affected Products
1

Get notified

Email me when this CVE is updated: new fix versions, severity changes, or any record change.

HarborGuard Analysis

Synopsis

This is a cryptographic protocol vulnerability (transcript malleability) in the Plonky3 zero-knowledge proof toolkit, specifically in its MultiField32Challenger component. An attacker who controls prover-side observations can craft two distinct transcripts that produce identical Fiat-Shamir challenges, breaking the binding property that the protocol relies on for soundness. Successful exploitation allows an attacker to produce fraudulent proofs that pass verification, enabling integrity violations in any system that relies on Plonky3 for proof generation and verification. The CVE description notes patches exist at versions 0.4.3 and 0.5.3; a patched-image rebuild at those versions is available on HarborGuard for environments running affected versions.

HarborGuard Coverage

Detection

Detection of CVE-2026-46654 is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against customer images in registries and CI pipelines, including custom-built images that vendor or embed Plonky3 as a dependency.

Available
Triage

HarborGuard triage is capable of scoring this CVE at its CVSS v4.0 base score of 8.9 (HIGH) and weighting it against per-environment compliance policies, then routing the finding to the appropriate team inbox within each customer organization.

Available
Patch

Because the description references fix versions 0.4.3 and 0.5.3 despite the advisory marking no fix versions as published, a patched-image rebuild targeting those versions becomes available in HarborGuard the moment upstream package availability is confirmed. For customers who opt into auto-remediation, HarborGuard will trigger a rebuild, run regression tests, and open a PR against affected workloads automatically.

Pending upstream

Exploit Conditions

  • Network reachabilityRequired

    The attacker must reach the proof-generation or verification service over the network to submit crafted prover-side observations.

  • AuthenticationNot required

    No credentials are needed; the attack can be attempted by any party able to submit inputs to the prover.

  • Victim interactionNot required

    No user action is required; the attacker interacts directly with the affected service.

  • Attack complexityDetail

    Attack complexity is rated High, meaning the attacker must carefully craft transcripts that satisfy the collision condition, requiring non-trivial cryptographic computation and precise control over observation inputs.

Blast Radius

  • An attacker forges proof transcripts that are accepted as valid by the verifier, bypassing soundness guarantees entirely.
  • Persisted state or on-chain records that depend on proof validity can be written with fraudulent data, corrupting the integrity of the system.
  • Any downstream logic gated on proof acceptance (asset transfers, state transitions, authorization checks) executes based on false premises.
  • Systems that embed Plonky3 in a larger protocol stack expose that entire stack to integrity compromise through a single malformed proof submission.

How HarborGuard Handles This

Available on HarborGuard: once upstream package registries confirm availability of Plonky3 0.4.3 or 0.5.3, a patched-image rebuild is made available automatically for any customer image found running an affected version (below 0.4.3, or between 0.5.0 and below 0.5.3). For customers who have auto-remediation enabled, HarborGuard will rebuild the image at the fixed version, execute the configured regression test suite, and open a pull request against affected workloads; median time from CVE publication to merged patch PR for high-severity issues is around 90 minutes in environments with auto-remediation enabled. Because no upstream fix versions are currently marked as published in the advisory record, HarborGuard re-checks the advisory on every ingest cycle and will make the patched rebuild available the moment confirmed fixed packages appear. In the interim, compensating controls worth considering include network-policy isolation to restrict which clients can submit prover inputs, egress filtering to limit lateral exposure, and feature-flag gating to disable proof verification paths that are not strictly required in production.

See how HarborGuard automates this
Affected packages
  • Plonky3 / Plonky3
    < 0.4.3 · >= 0.5.0, < 0.5.3
CVSS Vector
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N
References