Skip to main content

jsrsasign EUVDEUVD-2026-14377

| CVE-2026-4601 HIGH
Missing Cryptographic Step (CWE-325)
2026-03-23 snyk GHSA-w8q8-93cx-6h7r
8.8
CVSS 4.0 · Vendor: snyk
Share

Severity by source

Vendor (snyk) PRIMARY
8.8 HIGH
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:H/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Red Hat
8.7 HIGH
qualitative

Primary rating from Vendor (snyk).

CVSS VectorVendor: snyk

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:H/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

7
Analysis Updated
Apr 29, 2026 - 01:33 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Apr 29, 2026 - 01:11 vuln.today
cvss_changed
CVSS changed
Apr 29, 2026 - 01:11 NVD
8.7 (HIGH) 8.8 (HIGH)
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 23, 2026 - 05:45 euvd
EUVD-2026-14377
Analysis Generated
Mar 23, 2026 - 05:45 vuln.today
CVE Published
Mar 23, 2026 - 05:00 nvd
HIGH 8.7

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 34 npm packages depend on jsrsasign (9 direct, 25 indirect)

Ecosystem-wide dependent count for version 11.1.1.

DescriptionCVE.org

Versions of the package jsrsasign before 11.1.1 are vulnerable to Missing Cryptographic Step via the KJUR.crypto.DSA.signWithMessageHash process in the DSA signing implementation. An attacker can recover the private key by forcing r or s to be zero, so the library emits an invalid signature without retrying, and then solves for x from the resulting signature.

AnalysisAI

Private key recovery is possible in jsrsasign versions before 11.1.1 when attackers force invalid DSA signatures with zero r or s values during the signing process. The library fails to validate or retry these malformed signatures, allowing attackers to algebraically solve for the private key x from the emitted signature. Publicly available exploit code exists demonstrating the key recovery technique (EPSS: 0.02%, percentile 5%), though no confirmed active exploitation. Vendor-released patch: version 11.1.1.

Technical ContextAI

jsrsasign is a pure JavaScript cryptographic library implementing RSA, ECC, and DSA signing algorithms. The vulnerability affects the KJUR.crypto.DSA.signWithMessageHash function in the DSA (Digital Signature Algorithm) implementation, classified as CWE-325 (Missing Cryptographic Step). DSA signatures consist of two components (r, s) derived from a random nonce k and the private key x. Proper DSA implementations must validate that neither r nor s equals zero, as this mathematical edge case allows trivial private key extraction. The affected library (CPE: cpe:2.3:a:n/a:jsrsasign:*:*:*:*:*:*:*:*) lacks this critical validation step, emitting invalid signatures without retrying with a new nonce. An attacker who can observe or influence the signing process can force these zero-value conditions and then algebraically derive the private key from the invalid signature parameters.

RemediationAI

Upgrade jsrsasign to version 11.1.1 or later, which implements proper validation to reject signatures with r=0 or s=0 and retry with a new nonce as confirmed in GitHub commit 0710e392ec35de697ce11e4219c988ba2b5fe0eb and pull request 645 (https://github.com/kjur/jsrsasign/pull/645). For Node.js projects, update package.json to specify jsrsasign version >=11.1.1 and run npm update or yarn upgrade. Red Hat customers should apply platform-specific patches per advisories at https://access.redhat.com/errata/RHSA-2026:6912 and related RHSA bulletins. If immediate patching is not feasible, implement compensating controls: (1) Migrate DSA signing operations to ECDSA or RSA-PSS algorithms which are not affected by this specific flaw (trade-off: requires certificate reissuance and client compatibility verification), (2) Implement application-layer signature validation that rejects signatures where r=0 or s=0 before accepting them (trade-off: adds processing overhead and may break legitimate but rare edge cases), (3) Restrict signing operations to trusted internal services only, removing network accessibility (trade-off: limits architectural flexibility for distributed systems). Note that verification-only usage of jsrsasign does not expose the private key recovery vector.

CVE-2020-14968 CRITICAL POC
9.8 Jun 22

An issue was discovered in the jsrsasign package before 8.0.17 for Node.js. Rated critical severity (CVSS 9.8), this vul

CVE-2020-14967 CRITICAL POC
9.8 Jun 22

An issue was discovered in the jsrsasign package before 8.0.18 for Node.js. Rated critical severity (CVSS 9.8), this vul

CVE-2022-25898 CRITICAL POC
9.8 Jul 01

The package jsrsasign before 10.5.25 are vulnerable to Improper Verification of Cryptographic Signature when JWS or JWT

CVE-2020-14966 HIGH POC
7.5 Jun 22

An issue was discovered in the jsrsasign package through 8.0.18 for Node.js. Rated high severity (CVSS 7.5), this vulner

CVE-2024-21484 MEDIUM POC
5.9 Jan 22

Versions of the package jsrsasign before 11.0.0 are vulnerable to Observable Discrepancy via the RSA PKCS1.5 or RSAOAEP

CVE-2026-4599 CRITICAL
9.3 Mar 23

The jsrsasign JavaScript cryptographic library contains a critical vulnerability in its random number generation functio

CVE-2021-30246 CRITICAL
9.1 Apr 07

In the jsrsasign package through 10.1.13 for Node.js, some invalid RSA PKCS#1 v1.5 signatures are mistakenly recognized

CVE-2026-4600 HIGH
8.1 Mar 23

Cryptographic signature bypass in jsrsasign before 11.1.1 allows remote attackers to forge DSA signatures and X.509 cert

CVE-2026-4598 HIGH
7.7 Mar 23

The jsrsasign JavaScript library contains an infinite loop vulnerability in the BigInteger.modInverse function that allo

CVE-2026-4602 HIGH
7.7 Mar 23

The jsrsasign JavaScript library before version 11.1.1 contains a vulnerability that allows attackers to break signature

CVE-2026-4603 LOW POC
2.0 Mar 23

jsrsasign versions before 11.1.1 contain a division by zero vulnerability in RSA public-key operations caused by imprope

Vendor StatusVendor

Share

EUVD-2026-14377 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy