Is Jwt Attack affected by EUVD-2026-14375?

A critical vulnerability in the jsrsasign JavaScript library allows attackers to forge digital signatures and certificates, potentially compromising the authenticity and integrity of any systems relying on this library for cryptographic verification.

EUVD-2026-14375

| CVE-2026-4600 HIGH

2026-03-23 snyk

GHSA-wvqx-v3f6-w8rh

7.4

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Lifecycle Timeline

Patch Released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 23, 2026 - 05:45 vuln.today

EUVD ID Assigned

Mar 23, 2026 - 05:45 euvd

EUVD-2026-14375

CVE Published

Mar 23, 2026 - 05:00 nvd

HIGH 7.4

Description

Versions of the package jsrsasign before 11.1.1 are vulnerable to Improper Verification of Cryptographic Signature via the DSA domain-parameter validation in KJUR.crypto.DSA.setPublic (and the related DSA/X509 verification flow in src/dsa-2.0.js). An attacker can forge DSA signatures or X.509 certificates that X509.verifySignature() accepts by supplying malicious domain parameters such as g=1, y=1, and a fixed r=1, which make the verification equation true for any hash.

Analysis

A cryptographic signature verification vulnerability exists in the jsrsasign JavaScript library before version 11.1.1 that allows attackers to forge DSA signatures and X.509 certificates. The vulnerability affects DSA domain-parameter validation in KJUR.crypto.DSA.setPublic, enabling complete bypass of signature verification by supplying malicious domain parameters (g=1, y=1, r=1). …

Remediation

Within 24 hours: Inventory all applications and systems using jsrsasign library and assess whether DSA signature verification is actively used in production environments. Within 7 days: Implement network segmentation and WAF rules to restrict access to affected applications, disable DSA signature verification if not business-critical, and begin evaluation of alternative cryptographic libraries. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +37

POC: 0

EUVD-2026-14375 vulnerability details – vuln.today

Back

EUVD-2026-14375

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

EUVD-2026-14375

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code