CVE-2026-1229

UNKNOWN 0.0

Incorrect calculation in CIRCL secp384r1 CombinedMult

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

The CombinedMult function in the CIRCL ecc/p384 package (secp384r1 curve) produces an incorrect value for specific inputs. The issue is fixed by using complete addition formulas. ECDH and ECDSA signing relying on this curve are not affected. The bug was fixed in v1.6.3 https://github.com/cloudflare/circl/releases/tag/v1.6.3 .

CWE	CWE-682
Vendor	cloudflare
Product	circl
Published	Feb 24, 2026
Last Updated	Feb 24, 2026

Stay Ahead of the Next One

Get instant alerts for cloudflare circl

Be the first to know when new unknown vulnerabilities affecting cloudflare circl are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Cloudflare / CIRCL

CIRCL up to version 1.6.2 < 1.6.3

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/cloudflare/circl

Credits

Guido Vranken