{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4600", "assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "state": "PUBLISHED", "assignerShortName": "snyk", "dateReserved": "2026-03-22T16:26:03.357Z", "datePublished": "2026-03-23T05:00:08.475Z", "dateUpdated": "2026-03-23T15:53:02.042Z"}, "containers": {"cna": {"metrics": [{"cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "HIGH", "exploitCodeMaturity": "PROOF_OF_CONCEPT", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P"}, "cvssV4_0": {"version": "4.0", "attackVector": "NETWORK", "attackComplexity": "HIGH", "attackRequirements": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P"}}], "credits": [{"value": "Kr0emer", "lang": "en"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-347", "description": "Improper Verification of Cryptographic Signature", "lang": "en"}]}], "providerMetadata": {"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "shortName": "snyk", "dateUpdated": "2026-03-23T05:00:08.475Z"}, "descriptions": [{"value": "Versions of the package jsrsasign before 11.1.1 are vulnerable to Improper Verification of Cryptographic Signature via the DSA domain-parameter validation in KJUR.crypto.DSA.setPublic (and the related DSA/X509 verification flow in src/dsa-2.0.js). An attacker can forge DSA signatures or X.509 certificates that X509.verifySignature() accepts by supplying malicious domain parameters such as g=1, y=1, and a fixed r=1, which make the verification equation true for any hash.", "lang": "en"}], "references": [{"url": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370940"}, {"url": "https://gist.github.com/Kr0emer/bf15ddc097176e951659a24a8e9002a7"}, {"url": "https://github.com/kjur/jsrsasign/pull/646"}, {"url": "https://github.com/kjur/jsrsasign/commit/37b4c06b145c7bfd6bc2a6df5d0a12c56b15ef60"}], "affected": [{"product": "jsrsasign", "versions": [{"version": "0", "lessThan": "11.1.1", "status": "affected", "versionType": "semver"}], "vendor": "n/a"}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-347", "lang": "en", "description": "CWE-347 Improper Verification of Cryptographic Signature"}]}], "references": [{"url": "https://gist.github.com/Kr0emer/bf15ddc097176e951659a24a8e9002a7", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-23T14:32:39.569693Z", "id": "CVE-2026-4600", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T15:53:02.042Z"}}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jsrsasign_project:jsrsasign:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "1EBBE1A6-4D19-4ED2-859C-73AFBDA25DEA", "versionEndExcluding": "11.1.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Versions of the package jsrsasign before 11.1.1 are vulnerable to Improper Verification of Cryptographic Signature via the DSA domain-parameter validation in KJUR.crypto.DSA.setPublic (and the related DSA/X509 verification flow in src/dsa-2.0.js). An attacker can forge DSA signatures or X.509 certificates that X509.verifySignature() accepts by supplying malicious domain parameters such as g=1, y=1, and a fixed r=1, which make the verification equation true for any hash."}, {"lang": "es", "value": "Las versiones del paquete jsrsasign anteriores a la 11.1.1 son vulnerables a la Verificaci\u00f3n Incorrecta de Firma Criptogr\u00e1fica a trav\u00e9s de la validaci\u00f3n de par\u00e1metros de dominio DSA en KJUR.crypto.DSA.setPublic (y el flujo de verificaci\u00f3n DSA/X509 relacionado en src/dsa-2.0.js). Un atacante puede falsificar firmas DSA o certificados X.509 que X509.verifySignature() acepta al suministrar par\u00e1metros de dominio maliciosos como g=1, y=1, y un r=1 fijo, lo que hace que la ecuaci\u00f3n de verificaci\u00f3n sea verdadera para cualquier hash."}], "id": "CVE-2026-4600", "lastModified": "2026-04-29T01:00:01.613", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.2, "source": "report@snyk.io", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "report@snyk.io", "type": "Secondary"}]}, "published": "2026-03-23T06:16:21.697", "references": [{"source": "report@snyk.io", "tags": ["Exploit", "Mitigation", "Third Party Advisory"], "url": "https://gist.github.com/Kr0emer/bf15ddc097176e951659a24a8e9002a7"}, {"source": "report@snyk.io", "tags": ["Patch"], "url": "https://github.com/kjur/jsrsasign/commit/37b4c06b145c7bfd6bc2a6df5d0a12c56b15ef60"}, {"source": "report@snyk.io", "tags": ["Issue Tracking"], "url": "https://github.com/kjur/jsrsasign/pull/646"}, {"source": "report@snyk.io", "tags": ["Third Party Advisory"], "url": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370940"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Mitigation", "Third Party Advisory"], "url": "https://gist.github.com/Kr0emer/bf15ddc097176e951659a24a8e9002a7"}], "sourceIdentifier": "report@snyk.io", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-347"}], "source": "report@snyk.io", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-347"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "jsrsasign: jsrsasign: Cryptographic signature forgery via malicious DSA domain parameters", "id": "2450208", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450208"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.2", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N", "status": "draft"}, "cwe": "CWE-347", "details": ["A flaw was found in jsrsasign. An attacker can exploit improper verification of cryptographic signatures by supplying malicious domain parameters during the Digital Signature Algorithm (DSA) validation process. This allows the attacker to forge DSA signatures or X.509 certificates, which would then be accepted as legitimate, potentially leading to unauthorized access or data manipulation."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2026-4600", "package_state": [{"cpe": "cpe:/a:redhat:migration_toolkit_virtualization:2", "fix_state": "Affected", "package_name": "migration-toolkit-virtualization/mtv-console-plugin-rhel9", "product_name": "Migration Toolkit for Virtualization"}, {"cpe": "cpe:/a:redhat:migration_toolkit_virtualization:2", "fix_state": "Affected", "package_name": "mtv-candidate/mtv-console-plugin-rhel9", "product_name": "Migration Toolkit for Virtualization"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Affected", "package_name": "quay/quay-rhel8", "product_name": "Red Hat Quay 3"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Affected", "package_name": "quay/quay-rhel9", "product_name": "Red Hat Quay 3"}], "public_date": "2026-03-23T05:00:08Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-4600\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-4600\nhttps://gist.github.com/Kr0emer/bf15ddc097176e951659a24a8e9002a7\nhttps://github.com/kjur/jsrsasign/commit/37b4c06b145c7bfd6bc2a6df5d0a12c56b15ef60\nhttps://github.com/kjur/jsrsasign/pull/646\nhttps://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370940"], "statement": "IMPORTANT. The flaw in jsrsasign allows an attacker to forge Digital Signature Algorithm (DSA) signatures or X.509 certificates by providing malicious domain parameters during validation. This could lead to unauthorized access or data manipulation in affected Red Hat products such as Migration Toolkit for Virtualization and Red Hat Quay, where jsrsasign is utilized for cryptographic signature verification.", "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,11.1.1)"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}]}, "original": {"product": "jsrsasign", "source": "cna", "vendor": "n/a"}, "product": "jsrsasign", "vendor": "kjur"}], "analysis": {"en": {"generated_at": "2026-03-23T17:52:22.262111+00:00", "value": {"mitigation_remediation": ["Upgrade jsrsasign to version 11.1.1 or later.", "Verify the installed package version, ensuring it includes the patch.", "Re\u2011run any tests that cover DSA or X.509 verification to confirm the issue is resolved.", "If upgrading is not possible immediately, restrict jsrsasign to trusted inputs and do not accept arbitrary DSA parameters from external sources.", "Consider replacing jsrsasign with an alternative library that enforces strict domain\u2011parameter validation as a last resort."], "summary": {"action": "Immediate Patch", "impact": "Cryptographic signature forgery"}, "threat_synthesis": {"affected_systems": "All Node.js applications that depend on jsrsasign older than 11.1.1 and use its DSA or X.509 verification routines are affected. This includes any project that imports KJUR.crypto.DSA.setPublic or X509.verifySignature to verify signatures or certificates, regardless of deployment environment.", "description_and_impact": "Versions of the jsrsasign package before 11.1.1 contain a flaw that allows an attacker to forge DSA signatures or X.509 certificates that the library\u2019s verification functions will accept. By supplying malicious domain parameters \u2013 for example, setting the generator to 1, the public key to 1, and fixing the signature component r to 1 \u2013 the mathematical check performed by DSA.setPublic and X509.verifySignature passes for any hash. This undermines the integrity guarantees of authentication or data protection mechanisms that rely on JavaScript or Node.js code to validate signed data.", "risk_and_exploitability": "The flaw has a high CVSS score of 9.1, indicating severe potential impact if exploited. The probability of exploitation is currently low, but the vulnerability could be triggered remotely by supplying crafted data to any component that uses the library for signature or certificate verification. It is not listed in the national vulnerability inventory, yet the high severity warrants immediate action once the library is in use."}}}}, "created": "2026-03-23T09:45:35.311235+00:00", "updated": "2026-03-25T14:49:52.488227+00:00", "vendors": ["kjur", "kjur$PRODUCT$jsrsasign"]}