{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4258", "assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "state": "PUBLISHED", "assignerShortName": "snyk", "dateReserved": "2026-03-16T10:00:53.239Z", "datePublished": "2026-03-17T05:00:04.199Z", "dateUpdated": "2026-03-17T13:22:11.049Z"}, "containers": {"cna": {"metrics": [{"cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "exploitCodeMaturity": "PROOF_OF_CONCEPT", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P"}, "cvssV4_0": {"version": "4.0", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 8.7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"}}], "credits": [{"value": "Kr0emer", "lang": "en"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-347", "description": "Improper Verification of Cryptographic Signature", "lang": "en"}]}], "providerMetadata": {"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "shortName": "snyk", "dateUpdated": "2026-03-17T05:00:04.199Z"}, "descriptions": [{"value": "All versions of the package sjcl are vulnerable to Improper Verification of Cryptographic Signature due to missing point-on-curve validation in sjcl.ecc.basicKey.publicKey(). An attacker can recover a victim's ECDH private key by sending crafted off-curve public keys and observing ECDH outputs. The dhJavaEc() function directly returns the raw x-coordinate of the scalar multiplication result (no hashing), providing a plaintext oracle without requiring any decryption feedback.", "lang": "en"}], "references": [{"url": "https://security.snyk.io/vuln/SNYK-JS-SJCL-15369617"}, {"url": "https://gist.github.com/Kr0emer/2560f98edb10b0b34f2438cd63913c47"}, {"url": "https://github.com/bitwiseshiftleft/sjcl/blob/master/core/ecc.js%23L454-L461"}, {"url": "https://github.com/bitwiseshiftleft/sjcl/commit/ee307459972442a17beebc29dc331fffd8aff796"}], "affected": [{"product": "sjcl", "versions": [{"version": "0", "lessThan": "*", "status": "affected", "versionType": "semver"}], "vendor": "n/a"}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-325", "lang": "en", "description": "CWE-325 Missing Cryptographic Step"}]}], "references": [{"url": "https://gist.github.com/Kr0emer/2560f98edb10b0b34f2438cd63913c47", "tags": ["exploit"]}, {"url": "https://security.snyk.io/vuln/SNYK-JS-SJCL-15369617", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-17T13:22:02.709429Z", "id": "CVE-2026-4258", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-17T13:22:11.049Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-4258", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-17T13:22:02.709429Z"}}}], "references": [{"url": "https://gist.github.com/Kr0emer/2560f98edb10b0b34f2438cd63913c47", "tags": ["exploit"]}, {"url": "https://security.snyk.io/vuln/SNYK-JS-SJCL-15369617", "tags": ["exploit"]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-325", "description": "CWE-325 Missing Cryptographic Step"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-17T13:21:33.775Z"}}], "cna": {"credits": [{"lang": "en", "value": "Kr0emer"}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "exploitCodeMaturity": "PROOF_OF_CONCEPT", "confidentialityImpact": "HIGH"}, "cvssV4_0": {"version": "4.0", "baseScore": 8.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P", "exploitMaturity": "PROOF_OF_CONCEPT", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH"}}], "affected": [{"vendor": "n/a", "product": "sjcl", "versions": [{"status": "affected", "version": "0", "lessThan": "*", "versionType": "semver"}]}], "references": [{"url": "https://security.snyk.io/vuln/SNYK-JS-SJCL-15369617"}, {"url": "https://gist.github.com/Kr0emer/2560f98edb10b0b34f2438cd63913c47"}, {"url": "https://github.com/bitwiseshiftleft/sjcl/blob/master/core/ecc.js%23L454-L461"}, {"url": "https://github.com/bitwiseshiftleft/sjcl/commit/ee307459972442a17beebc29dc331fffd8aff796"}], "descriptions": [{"lang": "en", "value": "All versions of the package sjcl are vulnerable to Improper Verification of Cryptographic Signature due to missing point-on-curve validation in sjcl.ecc.basicKey.publicKey(). An attacker can recover a victim's ECDH private key by sending crafted off-curve public keys and observing ECDH outputs. The dhJavaEc() function directly returns the raw x-coordinate of the scalar multiplication result (no hashing), providing a plaintext oracle without requiring any decryption feedback."}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-347", "description": "Improper Verification of Cryptographic Signature"}]}], "providerMetadata": {"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "shortName": "snyk", "dateUpdated": "2026-03-17T05:00:04.199Z"}}}, "cveMetadata": {"cveId": "CVE-2026-4258", "state": "PUBLISHED", "dateUpdated": "2026-03-17T13:22:11.049Z", "dateReserved": "2026-03-16T10:00:53.239Z", "assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "datePublished": "2026-03-17T05:00:04.199Z", "assignerShortName": "snyk"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "All versions of the package sjcl are vulnerable to Improper Verification of Cryptographic Signature due to missing point-on-curve validation in sjcl.ecc.basicKey.publicKey(). An attacker can recover a victim's ECDH private key by sending crafted off-curve public keys and observing ECDH outputs. The dhJavaEc() function directly returns the raw x-coordinate of the scalar multiplication result (no hashing), providing a plaintext oracle without requiring any decryption feedback."}], "id": "CVE-2026-4258", "lastModified": "2026-03-17T14:20:01.670", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "report@snyk.io", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "report@snyk.io", "type": "Secondary"}]}, "published": "2026-03-17T06:16:18.590", "references": [{"source": "report@snyk.io", "url": "https://gist.github.com/Kr0emer/2560f98edb10b0b34f2438cd63913c47"}, {"source": "report@snyk.io", "url": "https://github.com/bitwiseshiftleft/sjcl/blob/master/core/ecc.js%23L454-L461"}, {"source": "report@snyk.io", "url": "https://github.com/bitwiseshiftleft/sjcl/commit/ee307459972442a17beebc29dc331fffd8aff796"}, {"source": "report@snyk.io", "url": "https://security.snyk.io/vuln/SNYK-JS-SJCL-15369617"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://gist.github.com/Kr0emer/2560f98edb10b0b34f2438cd63913c47"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://security.snyk.io/vuln/SNYK-JS-SJCL-15369617"}], "sourceIdentifier": "report@snyk.io", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-347"}], "source": "report@snyk.io", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-325"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,*]"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}]}, "original": {"product": "sjcl", "source": "cna", "vendor": "n/a"}, "product": "sjcl", "vendor": "bitwiseshiftleft"}], "analysis": {"en": {"generated_at": "2026-03-17T17:50:34.432024+00:00", "value": {"mitigation_remediation": ["Upgrade sjcl to a version that includes point\u2011on\u2011curve validation and hashes the ECDH output, as indicated by commit ee307459972442a17beebc29dc331fffd8aff796.", "If no patched release is available, replace the dhJavaEc() implementation with a custom routine that validates the EC point and hashes the raw output before use.", "Remove sjcl usage from any critical components until a patched version is deployed or alternative cryptographic libraries are adopted."], "summary": {"action": "Patch Immediately", "impact": "Private Key Compromise"}, "threat_synthesis": {"affected_systems": "All releases of the sjcl JavaScript cryptography library are affected; the CVE description explicitly states \"All versions of the package sjcl are vulnerable\". Any application that utilizes sjcl\u2019s ECDH functions, especially dhJavaEc(), is subject to this flaw. No vendor\u2011specific version information beyond the library itself is provided.", "description_and_impact": "The vulnerability arises from missing point\u2011on\u2011curve validation in the function sjcl.ecc.basicKey.publicKey(), as detailed in the CVE description. An attacker can send crafted off\u2011curve public keys to the library and observe the raw x\u2011coordinate output of dhJavaEc(). This plaintext oracle permits extraction of a victim\u2019s ECDH private key, thereby compromising the confidentiality of any data protected with that key. The weakness is classified under CWE\u2011325 (Improper Validation) and CWE\u2011347 (Invalid Algorithm Parameter).", "risk_and_exploitability": "With a CVSS score of 8.7 the vulnerability is high severity, yet the EPSS score of less than 1% indicates a low probability of exploitation in the present threat landscape. The CVE notes that the issue is not listed in CISA\u2019s KEV catalog. The likely attack vector is remote: an adversary who can supply a public key to the library\u2014such as through client\u2011side or server\u2011side JavaScript execution\u2014can exploit the missing validation and obtain the private key by observing ECDH outputs; this inference is based on the description of the oracle provided in the CVE."}}}}, "created": "2026-03-17T09:51:55.385084+00:00", "updated": "2026-03-24T10:49:33.716162+00:00", "vendors": ["bitwiseshiftleft", "bitwiseshiftleft$PRODUCT$sjcl"]}