{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33894", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-24T15:41:47.489Z", "datePublished": "2026-03-27T20:45:49.583Z", "dateUpdated": "2026-03-31T14:05:14.708Z"}, "containers": {"cna": {"title": "Forge has signature forgery in RSA-PKCS due to ASN.1 extra field", "problemTypes": [{"descriptions": [{"cweId": "CWE-347", "lang": "en", "description": "CWE-347: Improper Verification of Cryptographic Signature", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-20", "lang": "en", "description": "CWE-20: Improper Input Validation", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp"}, {"name": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp", "tags": ["x_refsource_MISC"], "url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp"}, {"name": "https://datatracker.ietf.org/doc/html/rfc2313#section-8", "tags": ["x_refsource_MISC"], "url": "https://datatracker.ietf.org/doc/html/rfc2313#section-8"}, {"name": "https://mailarchive.ietf.org/arch/msg/openpgp/5rnE9ZRN1AokBVj3VqblGlP63QE", "tags": ["x_refsource_MISC"], "url": "https://mailarchive.ietf.org/arch/msg/openpgp/5rnE9ZRN1AokBVj3VqblGlP63QE"}, {"name": "https://www.rfc-editor.org/rfc/rfc8017.html", "tags": ["x_refsource_MISC"], "url": "https://www.rfc-editor.org/rfc/rfc8017.html"}], "affected": [{"vendor": "digitalbazaar", "product": "forge", "versions": [{"version": "< 1.4.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-27T20:45:49.583Z"}, "descriptions": [{"lang": "en", "value": "Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, RSASSA PKCS#1 v1.5 signature verification accepts forged signatures for low public exponent keys (e=3). Attackers can forge signatures by stuffing \u201cgarbage\u201d bytes within the ASN structure in order to construct a signature that passes verification, enabling Bleichenbacher style forgery. This issue is similar to CVE-2022-24771, but adds bytes in an addition field within the ASN structure, rather than outside of it. Additionally, forge does not validate that signatures include a minimum of 8 bytes of padding as defined by the specification, providing attackers additional space to construct Bleichenbacher forgeries. Version 1.4.0 patches the issue."}], "source": {"advisory": "GHSA-ppp5-5v6c-4jwp", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-31T14:04:30.304300Z", "id": "CVE-2026-33894", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-31T14:05:14.708Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-33894", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-31T14:04:30.304300Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-31T14:05:09.549Z"}}], "cna": {"title": "Forge has signature forgery in RSA-PKCS due to ASN.1 extra field", "source": {"advisory": "GHSA-ppp5-5v6c-4jwp", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "digitalbazaar", "product": "forge", "versions": [{"status": "affected", "version": "< 1.4.0"}]}], "references": [{"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp", "name": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp", "name": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp", "tags": ["x_refsource_MISC"]}, {"url": "https://datatracker.ietf.org/doc/html/rfc2313#section-8", "name": "https://datatracker.ietf.org/doc/html/rfc2313#section-8", "tags": ["x_refsource_MISC"]}, {"url": "https://mailarchive.ietf.org/arch/msg/openpgp/5rnE9ZRN1AokBVj3VqblGlP63QE", "name": "https://mailarchive.ietf.org/arch/msg/openpgp/5rnE9ZRN1AokBVj3VqblGlP63QE", "tags": ["x_refsource_MISC"]}, {"url": "https://www.rfc-editor.org/rfc/rfc8017.html", "name": "https://www.rfc-editor.org/rfc/rfc8017.html", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, RSASSA PKCS#1 v1.5 signature verification accepts forged signatures for low public exponent keys (e=3). Attackers can forge signatures by stuffing \u201cgarbage\u201d bytes within the ASN structure in order to construct a signature that passes verification, enabling Bleichenbacher style forgery. This issue is similar to CVE-2022-24771, but adds bytes in an addition field within the ASN structure, rather than outside of it. Additionally, forge does not validate that signatures include a minimum of 8 bytes of padding as defined by the specification, providing attackers additional space to construct Bleichenbacher forgeries. Version 1.4.0 patches the issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-347", "description": "CWE-347: Improper Verification of Cryptographic Signature"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20: Improper Input Validation"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-27T20:45:49.583Z"}}}, "cveMetadata": {"cveId": "CVE-2026-33894", "state": "PUBLISHED", "dateUpdated": "2026-03-31T14:05:14.708Z", "dateReserved": "2026-03-24T15:41:47.489Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-27T20:45:49.583Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:digitalbazaar:forge:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "824A6B69-D102-48A0-B8F2-24DEC4D749DD", "versionEndExcluding": "1.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, RSASSA PKCS#1 v1.5 signature verification accepts forged signatures for low public exponent keys (e=3). Attackers can forge signatures by stuffing \u201cgarbage\u201d bytes within the ASN structure in order to construct a signature that passes verification, enabling Bleichenbacher style forgery. This issue is similar to CVE-2022-24771, but adds bytes in an addition field within the ASN structure, rather than outside of it. Additionally, forge does not validate that signatures include a minimum of 8 bytes of padding as defined by the specification, providing attackers additional space to construct Bleichenbacher forgeries. Version 1.4.0 patches the issue."}], "id": "CVE-2026-33894", "lastModified": "2026-04-17T21:16:42.030", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-27T21:17:25.983", "references": [{"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://datatracker.ietf.org/doc/html/rfc2313#section-8"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://mailarchive.ietf.org/arch/msg/openpgp/5rnE9ZRN1AokBVj3VqblGlP63QE"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://www.rfc-editor.org/rfc/rfc8017.html"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-347"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "node-forge: Forge: Signature Forgery via Weak RSASSA PKCS#1 v1.5 Verification", "id": "2452464", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452464"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "status": "draft"}, "cwe": "CWE-347", "details": ["A flaw was found in Forge (also called `node-forge`), a JavaScript implementation of Transport Layer Security. A remote attacker could exploit weaknesses in the RSASSA PKCS#1 v1.5 signature verification process. By crafting malicious signatures that include extra data within the ASN structure and do not meet padding requirements, an attacker can bypass signature validation. This allows for the creation of forged signatures that appear legitimate, potentially compromising the integrity and authenticity of communications."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2026-33894", "package_state": [{"cpe": "cpe:/a:redhat:cryostat:4", "fix_state": "Affected", "package_name": "io.cryostat-cryostat", "product_name": "Cryostat 4"}, {"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Affected", "package_name": "openshift-logging/elasticsearch6-rhel9", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Affected", "package_name": "openshift-logging/elasticsearch-operator-bundle", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Affected", "package_name": "openshift-logging/elasticsearch-proxy-rhel9", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Affected", "package_name": "openshift-logging/elasticsearch-rhel9-operator", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Affected", "package_name": "openshift-logging/kibana6-rhel8", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Affected", "package_name": "openshift-logging/logging-curator5-rhel9", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Affected", "package_name": "automation-eda-controller", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Affected", "package_name": "automation-gateway", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Affected", "package_name": "automation-platform-ui", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:apache_camel_hawtio:4", "fix_state": "Affected", "package_name": "io.hawt-project", "product_name": "Red Hat build of Apache Camel - HawtIO 4"}, {"cpe": "cpe:/a:redhat:service_registry:2", "fix_state": "Affected", "package_name": "io.apicurio-apicurio-registry", "product_name": "Red Hat build of Apicurio Registry 2"}, {"cpe": "cpe:/a:redhat:podman_desktop:1", "fix_state": "Affected", "package_name": "podman-desktop-macos-1-0", "product_name": "Red Hat Build of Podman Desktop"}, {"cpe": "cpe:/a:redhat:podman_desktop:1", "fix_state": "Affected", "package_name": "podman-desktop-windows-1-0", "product_name": "Red Hat Build of Podman Desktop"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:8", "fix_state": "Affected", "package_name": "org.infinispan-infinispan-console", "product_name": "Red Hat Data Grid 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "grafana", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "pcs", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "grafana", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "pcs", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Affected", "package_name": "io.apicurio-apicurito", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Affected", "package_name": "io.syndesis-syndesis-parent", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "fix_state": "Affected", "package_name": "org.uberfire-uberfire-parent", "product_name": "Red Hat Process Automation 7"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Affected", "package_name": "quay/quay-rhel8", "product_name": "Red Hat Quay 3"}], "public_date": "2026-03-27T20:45:49Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-33894\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-33894\nhttps://datatracker.ietf.org/doc/html/rfc2313#section-8\nhttps://github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp\nhttps://mailarchive.ietf.org/arch/msg/openpgp/5rnE9ZRN1AokBVj3VqblGlP63QE\nhttps://www.rfc-editor.org/rfc/rfc8017.html"], "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.4.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "forge", "source": "cna", "vendor": "digitalbazaar"}, "product": "forge", "vendor": "digitalbazaar"}], "analysis": {"en": {"generated_at": "2026-03-28T05:31:23.855903+00:00", "value": {"mitigation_remediation": ["Upgrade node\u2011forge to version\u00a01.4.0 or later, the release that contains the patch for this issue."], "summary": {"action": "Immediate Patch", "impact": "Signature forgery allowing formation of valid RSA\u2011PKCS#1 v1.5 signatures with low\u2013exponent keys."}, "threat_synthesis": {"affected_systems": "The vulnerability affects all releases of the Digital Bazaar node\u2011forge library before version\u00a01.4.0. Any JavaScript application\u2014client\u2011side or server\u2011side\u2014that uses forge for Transport Layer Security or RSA signature verification is at risk if it does not upgrade to the patched release.", "description_and_impact": "The flaw lies in forge\u2019s implementation of RSASSA PKCS#1 v1.5 signature verification. Before version\u00a01.4.0, the library accepts malformed ASN.1 structures that contain additional \u201cgarbage\u201d bytes inside the signature\u2019s ASN.1 field. When the RSA public exponent is small (e\u00a0=\u00a03), an attacker can craft a signature that satisfies the verification routine while actually being entirely user\u2011controlled. The defect also allows forging signatures that lack the required minimum eight bytes of padding, creating a Bleichenbacher\u2011style forgery path. Consequently, any system that relies on forge to verify signed data can be deceived into accepting attacker\u2011generated signatures, potentially compromising authentication or integrity of protected content.", "risk_and_exploitability": "With a CVSS base score of 7.5, the vulnerability poses a high impact. The exploitation model is straightforward: an adversary can generate a forged signature for any public key with a low exponent, and any consumer of forge that performs signature validation will accept it as legitimate. No EPSS score is documented, and the flaw has not been listed in the CISA KEV catalog. Given the ubiquity of node\u2011forge in web and server applications, the risk of real\u2011world exploitation remains significant."}}}}, "created": "2026-03-29T20:29:59.094765+00:00", "updated": "2026-03-30T07:00:18.272998+00:00", "vendors": ["digitalbazaar", "digitalbazaar$PRODUCT$forge"]}