CVE-2026-32322

soroban-sdk is a Rust SDK for Soroban contracts. Prior to 22.0.11, 23.5.3, and 25.3.0, The Fr (scalar field) types for BN254 and BLS12-381 in soroban-sdk compared values using their raw U256 representation without first reducing modulo the field modulus r. This caused mathematically equal field elements to compare as not-equal when one or both values were unreduced (i.e., >= r). The vulnerability requires an attacker to supply crafted Fr values through contract inputs, and compare them directly without going through host-side arithmetic operations. Smart contracts that rely on Fr equality checks for security-critical logic could produce incorrect results. The impact depends on how the affected contract uses Fr equality comparisons, but can result in incorrect authorization decisions or validation bypasses in contracts that perform equality checks on user-supplied scalar values. This vulnerability is fixed in 22.0.11, 23.5.3, and 25.3.0.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/stellar/rs-soroban-sdk/security/advisories/GHSA-x2hw-px52-wp4m	Mitigation Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:stellar:rs-soroban-sdk::::::rust::*
	cpe:2.3:a:stellar:rs-soroban-sdk::::::rust::*
	cpe:2.3:a:stellar:rs-soroban-sdk::::::rust::*

History

19 Mar 2026, 13:37

Type	Values Removed	Values Added
References	~~() https://github.com/stellar/rs-soroban-sdk/security/advisories/GHSA-x2hw-px52-wp4m -~~	() https://github.com/stellar/rs-soroban-sdk/security/advisories/GHSA-x2hw-px52-wp4m - Mitigation, Patch, Vendor Advisory
CPE		cpe:2.3:a:stellar:rs-soroban-sdk::::::rust::*
First Time		Stellar rs-soroban-sdk Stellar

13 Mar 2026, 19:54

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-13 19:54

Updated : 2026-03-19 13:37

NVD link : CVE-2026-32322

Mitre link : CVE-2026-32322

CVE.ORG link : CVE-2026-32322

JSON object : View

Products Affected

stellar

rs-soroban-sdk

CWE

CWE-697

Incorrect Comparison

{"id": "CVE-2026-32322", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2026-03-13T19:54:42.610", "references": [{"url": "https://github.com/stellar/rs-soroban-sdk/security/advisories/GHSA-x2hw-px52-wp4m", "tags": ["Mitigation", "Patch", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-697"}]}], "descriptions": [{"lang": "en", "value": "soroban-sdk is a Rust SDK for Soroban contracts. Prior to 22.0.11, 23.5.3, and 25.3.0, The Fr (scalar field) types for BN254 and BLS12-381 in soroban-sdk compared values using their raw U256 representation without first reducing modulo the field modulus r. This caused mathematically equal field elements to compare as not-equal when one or both values were unreduced (i.e., >= r). The vulnerability requires an attacker to supply crafted Fr values through contract inputs, and compare them directly without going through host-side arithmetic operations. Smart contracts that rely on Fr equality checks for security-critical logic could produce incorrect results. The impact depends on how the affected contract uses Fr equality comparisons, but can result in incorrect authorization decisions or validation bypasses in contracts that perform equality checks on user-supplied scalar values. This vulnerability is fixed in 22.0.11, 23.5.3, and 25.3.0."}], "lastModified": "2026-03-19T13:37:47.243", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:stellar:rs-soroban-sdk:*:*:*:*:*:rust:*:*", "vulnerable": true, "matchCriteriaId": "197C15B0-7D3F-42B2-BAC0-48B32D3D798C", "versionEndExcluding": "22.0.11"}, {"criteria": "cpe:2.3:a:stellar:rs-soroban-sdk:*:*:*:*:*:rust:*:*", "vulnerable": true, "matchCriteriaId": "842E038D-54E7-45AF-B924-608DAF58E0F5", "versionEndExcluding": "23.5.3", "versionStartIncluding": "23.0.0"}, {"criteria": "cpe:2.3:a:stellar:rs-soroban-sdk:*:*:*:*:*:rust:*:*", "vulnerable": true, "matchCriteriaId": "D23F2F97-743F-4E63-84AF-B599B1600A56", "versionEndExcluding": "25.3.0", "versionStartIncluding": "25.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}