FIND-20260329-014 · 2026-03-29 · Innovation Veille

RUSTSEC-2026-0073: libcrux-poly1305 — Panic in standalone MAC operations (CVSS 8.7 HIGH)

cve LOW
RUSTSEC-2026-0073 (published 2026-03-24) affects libcrux-poly1305 with CVSS 8.7 HIGH. The vulnerability causes a panic in standalone MAC operations. Related advisories RUSTSEC-2026-0076 (libcrux-ml-dsa, panic in signature hint decoding) and RUSTSEC-2026-0074 (libcrux-sha3, incorrect incremental SHAKE output) were also published 2026-03-24, affecting the libcrux cryptographic suite.

Source

https://rustsec.org/advisories/RUSTSEC-2026-0073.html

ODS Impact

ODS Rust services (oid, billing-engine) may transitively depend on libcrux through ring or other cryptographic crates. Run cargo audit in each Rust service to check transitive dependency exposure. Direct use of libcrux-poly1305 is unlikely — this is LOW relevance unless audit reveals a dependency chain.
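
Added example (not part of the original finding, and not ODS or libcrux project code): a lockfile check to run alongside cargo audit. It lists which of the three libcrux crates named above are pinned in a service's Cargo.lock and which package pulls each one in. The sample lockfile, every package name other than the libcrux crates, and all version numbers are constructed placeholders.

```shell
#!/bin/sh
# Crates named in this finding (RUSTSEC-2026-0073, -0074, -0076).
AFFECTED="libcrux-poly1305 libcrux-sha3 libcrux-ml-dsa"
# scan_lock FILE
# Prints "PIN <crate> <version>" for every affected crate locked in FILE and
# "VIA <dependent> -> <crate>" for every package that lists one as a dependency.
scan_lock() {
    awk -v affected="$AFFECTED" '
        BEGIN { n = split(affected, a, " "); for (i = 1; i <= n; i++) bad[a[i]] = 1 }
        /^\[\[package\]\]/   { name = ""; in_deps = 0; next }
        /^name = /           { name = $3; gsub(/"/, "", name); next }
        /^version = /        { ver = $3; gsub(/"/, "", ver)
                               if (name in bad) print "PIN", name, ver
                               next }
        /^dependencies = \[/ { in_deps = 1; next }
        in_deps && /^\]/     { in_deps = 0; next }
        in_deps              { dep = $1; gsub(/[",]/, "", dep)  # entry may be "name ver (src)"
                               if (dep in bad) print "VIA", name, "->", dep }
    ' "$1"
}

# Constructed Cargo.lock for a hypothetical service; names other than the
# libcrux crate and all version numbers are placeholders, not real releases.
write_sample_lock() {
    cat > "$1" <<'EOF'
version = 3

[[package]]
name = "example-aead-wrapper"
version = "0.0.0"
dependencies = [
 "libcrux-poly1305",
]

[[package]]
name = "example-service"
version = "0.0.0"
dependencies = [
 "example-aead-wrapper",
 "example-other 0.0.0",
]

[[package]]
name = "libcrux-poly1305"
version = "0.0.0"
EOF
}
tmp=$(mktemp) && write_sample_lock "$tmp"
scan_lock "$tmp"; rm -f "$tmp"
```

Point scan_lock at each service's Cargo.lock; for any crate it reports, `cargo tree -i <crate>` run in that service prints the full inverse dependency chain.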

Security Review

License: N/A | Maintenance: ACTIVE | Risk: MEDIUM | Recommendation: USE_WITH_CAUTION

Tags

rust cve cryptography poly1305 rustsec