False Positive: The sm-crypto Signature Forgery Exploit
Jan 21, 2026
Executive Summary (TL;DR)
The `sm-crypto` library (used for Chinese National Standard SM2 crypto) defaulted to treating input messages as raw hashes rather than data to be hashed. This allows attackers to perform a mathematical signature forgery. By calculating a specific 'message' based on the target public key, they can bypass authentication entirely. Fixed in version 0.4.0.
A critical flaw in the sm-crypto JavaScript library allows attackers to forge valid SM2 digital signatures for any public key. By exploiting an insecure default configuration that bypasses message hashing, an attacker can craft a specific input 'message' and signature pair that mathematically satisfies the verification equation without possessing the private key.
Technical Appendix
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Systems
Affected Versions Detail
| Product | Affected Versions | Fixed Version |
|---|---|---|
| sm-crypto JuneAndGreen | < 0.4.0 | 0.4.0 |
| Attribute | Detail |
|---|---|
| CWE ID | CWE-347 |
| Attack Vector | Network |
| CVSS Score | 7.5 (High) |
| Impact | Integrity / Authentication Bypass |
| Exploit Status | PoC Available |
| Fix Complexity | Low (Config Change) |
MITRE ATT&CK Mapping
The product does not verify, or incorrectly verifies, the cryptographic signature of data, allowing the data to be modified or spoofed.