Vulnerability in Stellar Rs-soroban-poseidon

CVE-2026-32129

soroban-poseidon provides Poseidon and Poseidon2 cryptographic hash functions for Soroban smart contracts. Poseidon V1 (PoseidonSponge) accepts variable-length inputs without injective padding. When a caller provides fewer inputs than the…

EPSS: 0.000 (7.3th percentile) — read the EPSS interpretation.

Affected products

Stellar Rs-soroban-poseidon — versions < 25.0.1

Weakness classification (CWE)

CWE-328 — Use of Weak Hash

References

https://github.com/stellar/rs-soroban-poseidon/security/advisories/GHSA-g2p6-hh5v-7hfm (x_refsource_CONFIRM)
https://github.com/stellar/rs-soroban-poseidon/pull/10 (x_refsource_MISC)
https://github.com/stellar/rs-soroban-poseidon/releases/tag/v25.0.1 (x_refsource_MISC)