CVE-2026-1229

Published: Feb 24, 2026

Modified: Feb 24, 2026

PUBLISHED

Description

The CombinedMult function in the CIRCL ecc/p384 package (secp384r1 curve) produces an incorrect value for specific inputs. The issue is fixed by using complete addition formulas. ECDH and ECDSA signing relying on this curve are not affected. The bug was fixed in v1.6.3 https://github.com/cloudflare/circl/releases/tag/v1.6.3 .

Vendor	Product	Versions
Cloudflare	CIRCL	affected `CIRCL up to version 1.6.2 - < 1.6.3`

Weaknesses (CWE)

CWE-682

References

https://github.com/cloudflare/circl

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-1229

Description

Affected Products

Weaknesses (CWE)

References