Cryptographic Library Vulnerability in PyQuorum
CVE-2026-44368
6.9 MEDIUM
What is CVE-2026-44368?
The PyQuorum cryptographic library, used for secret sharing and key management, has a timing side channel in its mul_mod function. mul_mod performs modular multiplication with a binary-expansion (double-and-add) loop whose work depends on the bits of the second operand: the conditional addition runs once per set bit, so execution time scales with that operand's Hamming weight. An attacker who can time secret-sharing operations remotely can use this variation to learn the Hamming weight of each share and, with repeated measurements, narrow down its value, progressively recovering the shares and potentially reconstructing the secret. The issue is fixed in version 0.2.1; users should upgrade to that version or later.
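The following is an added illustrative reconstruction of the leak pattern, not PyQuorum's actual mul_mod or its 0.2.1 fix. It implements a double-and-add modular multiplication whose conditional add runs once per set bit of the second operand (so the addition count, and hence the timing, equals that operand's Hamming weight), beside a fixed-iteration, mask-based variant that performs the same number of operations for every operand. The function names, the Mersenne modulus and the sample shares are assumptions made for the example.

```python
# Added example (hypothetical names; not PyQuorum's code).
# Demonstrates why a double-and-add mul_mod leaks the Hamming weight of
# its second operand, and one standard mitigation (fixed-iteration loop
# with a mask instead of a branch on the secret bit).
from __future__ import annotations

import random


def mul_mod_leaky(a: int, b: int, p: int) -> tuple[int, int]:
    """Double-and-add: returns (a*b mod p, number of additions performed).

    The conditional add executes once per set bit of b, so the loop's work
    tracks popcount(b). If b is a secret share, timing leaks that weight.
    The loop length also depends on b.bit_length(), a second leak.
    """
    result = 0
    additions = 0
    a %= p
    while b:
        if b & 1:                 # data-dependent branch on a secret bit
            result = (result + a) % p
            additions += 1
        a = (a + a) % p
        b >>= 1
    return result, additions


def mul_mod_uniform(a: int, b: int, p: int, bits: int) -> int:
    """Fixed-iteration variant: always `bits` rounds and one masked add per
    round, so the addition count no longer depends on b's bits.

    `bits` must cover the whole operand range. Caveat: CPython big-int
    addition and % are themselves variable-time, so this removes only the
    branch-shaped leak; true constant-time code needs a language or library
    that guarantees it.
    """
    assert 0 <= b < (1 << bits), "operand must fit the fixed width"
    result = 0
    a %= p
    for _ in range(bits):
        mask = -(b & 1)           # 0 or -1 (all ones): select without branching
        result = (result + (a & mask)) % p
        a = (a + a) % p
        b >>= 1
    return result


def hamming_weight(x: int) -> int:
    return bin(x).count("1")


def additions_for(b: int, p: int = 2**127 - 1) -> int:
    """What a timing attacker effectively observes for the leaky version.

    The count is independent of the other operand, so a random `a` is fine.
    """
    _, adds = mul_mod_leaky(random.randrange(1, p), b, p)
    return adds


def demo() -> dict:
    """Constructed shares of the same bit-length but different Hamming weight."""
    p = 2**127 - 1                       # assumed modulus for the example
    share_sparse = (1 << 100) | 1        # popcount 2
    share_dense = (1 << 101) - 1         # popcount 101
    return {
        "sparse_additions": additions_for(share_sparse, p),
        "dense_additions": additions_for(share_dense, p),
        "sparse_weight": hamming_weight(share_sparse),
        "dense_weight": hamming_weight(share_dense),
    }


if __name__ == "__main__":
    print(demo())
```

Running demo() shows that two shares with identical bit-length cost 2 and 101 additions respectively in the leaky loop, which is exactly the quantity a remote attacker estimates from repeated timing samples; the uniform variant costs the same for both. Whatever mitigation 0.2.1 actually applies, the check a reviewer wants is the same: no loop bound, branch or memory access in mul_mod may depend on the value of a share.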
Affected Version(s)
pyquorum < 0.2.1
