{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4599", "assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "state": "PUBLISHED", "assignerShortName": "snyk", "dateReserved": "2026-03-22T16:25:57.565Z", "datePublished": "2026-03-23T05:00:12.522Z", "dateUpdated": "2026-03-23T14:39:45.496Z"}, "containers": {"cna": {"metrics": [{"cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "exploitCodeMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}, "cvssV4_0": {"version": "4.0", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 9.3, "baseSeverity": "CRITICAL", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"}}], "credits": [{"value": "Kr0emer", "lang": "en"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1023", "description": "Incomplete Comparison with Missing Factors", "lang": "en"}]}], "providerMetadata": {"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "shortName": "snyk", "dateUpdated": "2026-03-23T05:00:12.522Z"}, "descriptions": [{"value": "Versions of the package jsrsasign from 7.0.0 and before 11.1.1 are vulnerable to Incomplete Comparison with Missing Factors via the getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax functions in src/crypto-1.1.js; an attacker can recover the private key by exploiting the incorrect compareTo checks that accept out-of-range candidates and thus bias DSA nonces during signature generation.", "lang": "en"}], "references": [{"url": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370939"}, {"url": "https://gist.github.com/Kr0emer/081681818b51605c91945126d74b4f20"}, {"url": "https://github.com/kjur/jsrsasign/pull/647"}, {"url": "https://github.com/kjur/jsrsasign/commit/ee4b013478366cb16cea9a4bdfb218b6077f83b1"}], "affected": [{"product": "jsrsasign", "versions": [{"version": "7.0.0", "lessThan": "11.1.1", "status": "affected", "versionType": "semver"}], "vendor": "n/a"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-23T14:39:36.757966Z", "id": "CVE-2026-4599", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T14:39:45.496Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-4599", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-23T14:39:36.757966Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T14:39:42.517Z"}}], "cna": {"credits": [{"lang": "en", "value": "Kr0emer"}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "exploitCodeMaturity": "NOT_DEFINED", "confidentialityImpact": "HIGH"}, "cvssV4_0": {"version": "4.0", "baseScore": 9.3, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH"}}], "affected": [{"vendor": "n/a", "product": "jsrsasign", "versions": [{"status": "affected", "version": "7.0.0", "lessThan": "11.1.1", "versionType": "semver"}]}], "references": [{"url": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370939"}, {"url": "https://gist.github.com/Kr0emer/081681818b51605c91945126d74b4f20"}, {"url": "https://github.com/kjur/jsrsasign/pull/647"}, {"url": "https://github.com/kjur/jsrsasign/commit/ee4b013478366cb16cea9a4bdfb218b6077f83b1"}], "descriptions": [{"lang": "en", "value": "Versions of the package jsrsasign from 7.0.0 and before 11.1.1 are vulnerable to Incomplete Comparison with Missing Factors via the getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax functions in src/crypto-1.1.js; an attacker can recover the private key by exploiting the incorrect compareTo checks that accept out-of-range candidates and thus bias DSA nonces during signature generation."}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-1023", "description": "Incomplete Comparison with Missing Factors"}]}], "providerMetadata": {"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "shortName": "snyk", "dateUpdated": "2026-03-23T05:00:12.522Z"}}}, "cveMetadata": {"cveId": "CVE-2026-4599", "state": "PUBLISHED", "dateUpdated": "2026-03-23T14:39:45.496Z", "dateReserved": "2026-03-22T16:25:57.565Z", "assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "datePublished": "2026-03-23T05:00:12.522Z", "assignerShortName": "snyk"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jsrsasign_project:jsrsasign:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "84D23509-C02E-4150-B186-0DCDD05DA887", "versionEndExcluding": "11.1.1", "versionStartIncluding": "7.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Versions of the package jsrsasign from 7.0.0 and before 11.1.1 are vulnerable to Incomplete Comparison with Missing Factors via the getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax functions in src/crypto-1.1.js; an attacker can recover the private key by exploiting the incorrect compareTo checks that accept out-of-range candidates and thus bias DSA nonces during signature generation."}], "id": "CVE-2026-4599", "lastModified": "2026-03-23T16:17:45.400", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "report@snyk.io", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "report@snyk.io", "type": "Secondary"}]}, "published": "2026-03-23T06:16:21.513", "references": [{"source": "report@snyk.io", "tags": ["Exploit", "Mitigation", "Third Party Advisory"], "url": "https://gist.github.com/Kr0emer/081681818b51605c91945126d74b4f20"}, {"source": "report@snyk.io", "tags": ["Patch"], "url": "https://github.com/kjur/jsrsasign/commit/ee4b013478366cb16cea9a4bdfb218b6077f83b1"}, {"source": "report@snyk.io", "tags": ["Issue Tracking"], "url": "https://github.com/kjur/jsrsasign/pull/647"}, {"source": "report@snyk.io", "tags": ["Third Party Advisory"], "url": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370939"}], "sourceIdentifier": "report@snyk.io", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1023"}], "source": "report@snyk.io", "type": "Secondary"}]}

{"bugzilla": {"description": "jsrsasign: jsrsasign: Private key recovery via incomplete comparison checks biasing DSA nonces", "id": "2450207", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450207"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "status": "draft"}, "cwe": "CWE-338", "details": ["A flaw was found in jsrsasign. An attacker can exploit an incomplete comparison vulnerability in the getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax functions. By manipulating incorrect comparison checks, an attacker can bias the Digital Signature Algorithm (DSA) nonces during signature generation. This allows the attacker to recover the private key, leading to a critical security compromise."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2026-4599", "package_state": [{"cpe": "cpe:/a:redhat:migration_toolkit_virtualization:2", "fix_state": "Affected", "package_name": "migration-toolkit-virtualization/mtv-console-plugin-rhel9", "product_name": "Migration Toolkit for Virtualization"}, {"cpe": "cpe:/a:redhat:migration_toolkit_virtualization:2", "fix_state": "Affected", "package_name": "mtv-candidate/mtv-console-plugin-rhel9", "product_name": "Migration Toolkit for Virtualization"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Affected", "package_name": "quay/quay-rhel8", "product_name": "Red Hat Quay 3"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Affected", "package_name": "quay/quay-rhel9", "product_name": "Red Hat Quay 3"}], "public_date": "2026-03-23T05:00:12Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-4599\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-4599\nhttps://gist.github.com/Kr0emer/081681818b51605c91945126d74b4f20\nhttps://github.com/kjur/jsrsasign/commit/ee4b013478366cb16cea9a4bdfb218b6077f83b1\nhttps://github.com/kjur/jsrsasign/pull/647\nhttps://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370939"], "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[7.0.0,11.1.1)"}}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}]}, "original": {"product": "jsrsasign", "source": "cna", "vendor": "n/a"}, "product": "jsrsasign", "vendor": "kjur"}], "analysis": {"en": {"generated_at": "2026-03-23T17:22:47.385572+00:00", "value": {"mitigation_remediation": ["Update jsrsasign to version 11.1.2 or later.", "Verify all dependencies are at the patched version; run npm audit or similar tool.", "If upgrade is delayed, avoid using getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax or replace them with a secure random number generator.", "Monitor logs for suspicious signing activity and revoke any compromised keys if necessary."], "summary": {"action": "Patch Immediately", "impact": "Private Key Exposure"}, "threat_synthesis": {"affected_systems": "Packages of jsrsasign from version 7.0.0 up to 11.1.1, used in Node.js applications, are affected. The library is an open\u2011source cryptographic toolkit for JavaScript, widely incorporated in web and server\u2011side projects. Any project that relies on these versions inherits the vulnerability until a patched release is applied.", "description_and_impact": "The vulnerability arises from incomplete comparison checks in the getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax functions, causing the library to accept out\u2011of\u2011range candidates and bias DSA nonces during signature generation. As a result an attacker can recover the full private key used by the library, enabling them to forge signatures and potentially impersonate legitimate users. This flaw is a classic example of insecure random number generation (CWE\u2011338) combined with improper comparison logic (CWE\u20111023).", "risk_and_exploitability": "The CVSS score of 9.3 indicates critical severity, while the EPSS score of less than 1% suggests it is currently a low\u2011likelihood target. The vulnerability is not listed in the CISA KEV catalog, but the potential impact warrants immediate attention. An attacker would need access to an environment that uses the vulnerable functions for signature generation, so the attack vector is likely local or application\u2011level rather than remote exploitation. Promptly upgrading to a fixed release removes the risk; otherwise, limited controls can be applied as a temporary mitigant."}}}}, "created": "2026-03-23T09:45:32.048013+00:00", "updated": "2026-03-25T14:49:49.344227+00:00", "vendors": ["kjur", "kjur$PRODUCT$jsrsasign"]}