Vulnerability Description
PyQuorum is a cryptographic library for secret sharing and key management. Prior to 0.2.1, the mul_mod function implements multiplication via a binary expansion loop whose execution time depends on the Hamming weight of the second operand (the exponent). An attacker who can measure the time of secret‑sharing operations (e.g., via a remote service) could progressively recover the values of shares, ultimately leading to secret reconstruction. This vulnerability is fixed in 0.2.1.
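The pattern described above, shown as an added example that is not PyQuorum's source code and not the 0.2.1 patch: a double-and-add multiply whose number of modular additions equals the Hamming weight of the second operand, beside a variant that does the same work for every operand of a given width. The function names, the modulus and the sample operands are assumptions made for this illustration.

```python
# Added illustration: NOT PyQuorum's source. Function names, the modulus
# and the sample operands are constructed for this example.
from __future__ import annotations

M = 2**127 - 1  # constructed sample modulus


def mul_mod_leaky(a: int, b: int, m: int) -> tuple[int, int]:
    """Binary-expansion multiply. Returns (a*b mod m, additions performed)."""
    result, adds = 0, 0
    a %= m
    while b:                      # iteration count follows the bit length of b
        if b & 1:                 # extra work once per set bit of b
            result = (result + a) % m
            adds += 1
        a = (a << 1) % m
        b >>= 1
    return result, adds


def mul_mod_fixed(a: int, b: int, m: int, bits: int) -> tuple[int, int]:
    """Same product with a fixed iteration count and no branch on b's bits."""
    if b < 0 or b >> bits:
        raise ValueError("b does not fit in the declared width")
    result, adds = 0, 0
    a %= m
    for i in range(bits):         # always `bits` rounds, whatever b is
        mask = -((b >> i) & 1)    # 0 when the bit is clear, -1 when set
        candidate = (result + a) % m
        adds += 1                 # the addition is computed every round
        result ^= (result ^ candidate) & mask  # masked select, no if/else
        a = (a << 1) % m
    return result, adds


def compare(a: int, b_values: list[int], m: int = M, bits: int = 127):
    """Return (hamming_weight, leaky_adds, fixed_adds) for each operand b."""
    return [(bin(b).count("1"),
             mul_mod_leaky(a, b, m)[1],
             mul_mod_fixed(a, b, m, bits)[1]) for b in b_values]


if __name__ == "__main__":
    # Two constructed operands with the same bit length, different weight.
    for row in compare(0x1234567890ABCDEF, [1 << 126, (1 << 127) - 2]):
        print(row)
```

The operation count is only a proxy for running time: Python integers are not constant-time, so equalising the count removes the Hamming-weight dependence shown here but does not by itself guarantee constant-time behaviour.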
Related Weaknesses (CWE)
References
FAQ
What is CVE-2026-44368?
CVE-2026-44368 is a documented vulnerability. PyQuorum is a cryptographic library for secret sharing and key management. Prior to 0.2.1, the mul_mod function implements multiplication via a binary expansion loop whose execution time depends on th...
How severe is CVE-2026-44368?
CVSS scoring is not yet available for CVE-2026-44368. Check NVD for updates.
Is there a patch for CVE-2026-44368?
The vulnerability is fixed in PyQuorum 0.2.1. Check the references section above for vendor advisories and patch information, and review vendor security bulletins for remediation guidance.