CVE-2026-46669

HIGH WAF: Medium

CVSS 7.5 Published: 2026-06-10

CWE-20

OpenVM is a performant and modular zkVM framework built for customization and extensibility. Prior to version 1.6.0, the openvm-pairing guest library's try_honest_pairing_check function invokes Theorem 3 of https://eprint.iacr.org/2024/640.pdf but does not check that the scaling factor s is in a proper subfield of Fp12. This allows incorrect results to the pairing check. This issue has been patched in version 1.6.0.

WAF Coverage Analysis

Improper Input Validation Medium WAF Coverage

OWASP: A03:2021 Injection

920xxx - Protocol Enforcement 941xxx - XSS / XXE 942xxx - SQL Injection

Affected Software

Vendor	Product	Version
openvm	openvm	up to 1.6.0

References

github.com (Product, Release Notes)
github.com (Vendor Advisory)

Back to CVE Database