Is soroban-fixed-point-math affected by CVE-2026-24783?

crates.io soroban-fixed-point-math is affected in >=1.4.0 =1.3.0 <1.3.1.

Is CVE-2026-24783 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.4%.

high

CVE-2026-24783

Q: Is CVE-2026-24783 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.4%.

crates.io · soroban-fixed-point-math

Summary

soroban-fixed-point-math has Incorrect Rounding and Overflow Handling in Signed Fixed-Point Math with Negatives

Severity: high
EPSS: 0.4% (p29)
Also known as: GHSA-x5m4-43jf-hh65
Published: 2026-01-28

References

https://github.com/script3/soroban-fixed-point-math/security/advisories/GHSA-x5m4-43jf-hh65
https://nvd.nist.gov/vuln/detail/CVE-2026-24783
https://github.com/script3/soroban-fixed-point-math/commit/c9233f7094198a49ed66a4d75786a8a3755c936a

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Check my repo

Summarize with AI

ChatGPT Claude Perplexity

Sources: CISA KEV (public domain), OSV.dev & GitHub Advisory Database (CC-BY-4.0), FIRST EPSS, NVD/CWE (public domain). Served live from the Stateward advisory database.