StableLib Ed25519 Signature Malleability via Missing S < L Check
Signature malleability: Given any valid signature, an attacker can produce a second distinct valid signature for the same message without knowing the private key Transaction ID collision: Applications using signature bytes as unique identifiers (e.g., blockchain transaction IDs) are vulnerable to replay/double-spend attacks Deduplication bypass: Systems deduplicating by signature value accept the same message twice with different "signatures" Same vulnerability class as node-forge CVE-2026-33895 (GHSA-q67f-28xg-22rw), rated HIGH