How to fix CVE-2026-4602?

CVE-2026-4602

EUVD-2026-14379 HIGH

2026-03-23 snyk

GHSA-8qwj-4jxw-m8jw

7.5

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Patch Released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 23, 2026 - 05:45 vuln.today

EUVD ID Assigned

Mar 23, 2026 - 05:45 euvd

EUVD-2026-14379

CVE Published

Mar 23, 2026 - 05:00 nvd

HIGH 7.5

Description

Versions of the package jsrsasign before 11.1.1 are vulnerable to Incorrect Conversion between Numeric Types due to handling negative exponents in ext/jsbn2.js. An attacker can force the computation of incorrect modular inverses and break signature verification by calling modPow with a negative exponent.

Analysis

The jsrsasign JavaScript library before version 11.1.1 contains a vulnerability that allows attackers to break signature verification by exploiting incorrect handling of negative exponents in modular exponentiation operations. This affects all versions prior to 11.1.1 of the jsrsasign package, enabling remote attackers without authentication to compromise cryptographic signature validation. …

Remediation

Within 24 hours: Audit all applications and dependencies to identify jsrsasign usage across the organization and document version numbers; notify relevant development and security teams. Within 7 days: Implement compensating controls including signature validation logging, disable jsrsasign-dependent features if non-critical, and deploy WAF rules to detect exploitation attempts; prioritize migration planning to alternative cryptographic libraries. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +38

POC: 0

CVE-2026-4602 vulnerability details – vuln.today

Back

CVE-2026-4602

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

CVE-2026-4602

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code