CVE-2026-4602

HIGH(7.5)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Risk Signal Score19/100 — NIEDRIG

CVSS 7.5 — Hoch

EPSS-Score

Exploit-Wahrscheinlichkeit (30 Tage)

CVSS Score

7.5

Technische Schwere

Beschreibung

Versions of the package jsrsasign before 11.1.1 are vulnerable to Incorrect Conversion between Numeric Types due to handling negative exponents in ext/jsbn2.js. An attacker can force the computation of incorrect modular inverses and break signature verification by calling modPow with a negative exponent.

Referenzen

https://gist.github.com/Kr0emer/7ecd2be7d17419e4677315ef3758faf5
https://github.com/kjur/jsrsasign/commit/5ea1c32bb2aa894b4bd29849839afe4f9872819...
https://github.com/kjur/jsrsasign/pull/650
https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15371175