Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from Vendor (snyk).
CVSS VectorVendor: snyk
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
6Blast Radius
ecosystem impact- 34 npm packages depend on jsrsasign (9 direct, 25 indirect)
Ecosystem-wide dependent count for version 11.1.1.
DescriptionCVE.org
Versions of the package jsrsasign before 11.1.1 are vulnerable to Incorrect Conversion between Numeric Types due to handling negative exponents in ext/jsbn2.js. An attacker can force the computation of incorrect modular inverses and break signature verification by calling modPow with a negative exponent.
AnalysisAI
The jsrsasign JavaScript library before version 11.1.1 contains a vulnerability that allows attackers to break signature verification by exploiting incorrect handling of negative exponents in modular exponentiation operations. This affects all versions prior to 11.1.1 of the jsrsasign package, enabling remote attackers without authentication to compromise cryptographic signature validation. A proof-of-concept exploit exists as indicated by the CVSS exploitability metric and public GitHub references demonstrating the attack technique.
Technical ContextAI
The jsrsasign library is a widely-used JavaScript implementation of JSON Web Signature, JSON Web Token, JSON Web Key and other cryptographic standards for web applications. The vulnerability (CWE-681: Incorrect Conversion between Numeric Types) resides in the ext/jsbn2.js file where the modPow function incorrectly handles negative exponents during modular exponentiation operations. When a negative exponent is passed to modPow, the function computes incorrect modular inverses, which are critical operations in RSA and other public-key cryptographic algorithms. The affected product is identified as cpe:2.3:a:n/a:jsrsasign:*:*:*:*:*:*:*:* covering all versions prior to the fix.
RemediationAI
Upgrade the jsrsasign package to version 11.1.1 or later, which contains the fix implemented in commit 5ea1c32bb2aa894b4bd29849839afe4f98728195 available at https://github.com/kjur/jsrsasign/commit/5ea1c32bb2aa894b4bd29849839afe4f98728195. The patch was merged via pull request 650 at https://github.com/kjur/jsrsasign/pull/650. For npm-based projects, update the package.json dependency and run npm update or npm install to fetch the patched version. Until patching is complete, conduct thorough code review to identify any instances where external or untrusted input could influence the exponent parameter in modPow or related cryptographic operations, and implement input validation to reject negative exponent values. Additionally, consider implementing defense-in-depth measures such as cryptographic signature verification at multiple layers and enhanced logging of signature validation failures to detect potential exploitation attempts.
An issue was discovered in the jsrsasign package before 8.0.17 for Node.js. Rated critical severity (CVSS 9.8), this vul
An issue was discovered in the jsrsasign package before 8.0.18 for Node.js. Rated critical severity (CVSS 9.8), this vul
The package jsrsasign before 10.5.25 are vulnerable to Improper Verification of Cryptographic Signature when JWS or JWT
An issue was discovered in the jsrsasign package through 8.0.18 for Node.js. Rated high severity (CVSS 7.5), this vulner
Versions of the package jsrsasign before 11.0.0 are vulnerable to Observable Discrepancy via the RSA PKCS1.5 or RSAOAEP
The jsrsasign JavaScript cryptographic library contains a critical vulnerability in its random number generation functio
In the jsrsasign package through 10.1.13 for Node.js, some invalid RSA PKCS#1 v1.5 signatures are mistakenly recognized
Private key recovery is possible in jsrsasign versions before 11.1.1 when attackers force invalid DSA signatures with ze
Cryptographic signature bypass in jsrsasign before 11.1.1 allows remote attackers to forge DSA signatures and X.509 cert
The jsrsasign JavaScript library contains an infinite loop vulnerability in the BigInteger.modInverse function that allo
jsrsasign versions before 11.1.1 contain a division by zero vulnerability in RSA public-key operations caused by imprope
Same weakness CWE-681 – Incorrect Conversion between Numeric Types
View allSame technique Information Disclosure
View allVendor StatusVendor
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-14379
GHSA-8qwj-4jxw-m8jw