CVE-2026-4601

// This PoC demonstrates the key recovery calculation if a vulnerable signature (s=0) is obtained. // Vulnerable environment: jsrsasign < 11.1.1 const { KJUR } = require('jsrsasign'); // Scenario: Attacker captures a message and a vulnerable signature where s=0 const message = "Target Message"; const sigHex = "00000000..."; // Hex string where s component is 0 // Parse the signature to get r and s const sig = new KJUR.crypto.Signature({"alg": "SHA1withDSA"}); sig.init({"d": "dummy_priv_key", "p": "...", "q": "...", "g": "..."}); // Context for parsing // In a real attack, the attacker observes the signature (r, 0) // and knows the message hash H(m). // The private key x can be calculated as: // x = -H(m) * r^(-1) mod q console.log("[!] If s=0, Private Key (x) is directly compromised via:"); console.log("x = -Hash(message) * modular_inverse(r, q)"); // Note: Forcing s=0 in the actual library requires triggering the internal bug // repeatedly until the random nonce k results in s=0.

{"cve": {"id": "CVE-2026-4601", "sourceIdentifier": "[email protected]", "published": "2026-03-23T06:16:21.893", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Versions of the package jsrsasign before 11.1.1 are vulnerable to Missing Cryptographic Step via the KJUR.crypto.DSA.signWithMessageHash process in the DSA signing implementation. An attacker can recover the private key by forcing r or s to be zero, so the library emits an invalid signature without retrying, and then solves for x from the resulting signature."}, {"lang": "es", "value": "Las versiones del paquete jsrsasign anteriores a la 11.1.1 son vulnerables a Paso Criptográfico Faltante a través del proceso KJUR.crypto.DSA.signWithMessageHash en la implementación de firma DSA. Un atacante puede recuperar la clave privada forzando a r o s a ser cero, de modo que la biblioteca emite una firma inválida sin reintentar, y luego resuelve para x a partir de la firma resultante."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:H/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "baseScore": 8.7, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.2, "impactScore": 5.8}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "baseScore": 9.1, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 5.2}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-325"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:jsrsasign_project:jsrsasign:*:*:*:*:*:node.js:*:*", "versionEndExcluding": "11.1.1", "matchCriteriaId": "1EBBE1A6-4D19-4ED2-859C-73AFBDA25DEA"}]}]}], "references": [{"url": "https://gist.github.com/Kr0emer/93789fe6efe5519db9692d4ad1dad586", "source": "[email protected]", "tags": ["Exploit", "Mitigation", "Third Party Advisory"]}, {"url": "https://github.com/kjur/jsrsasign/commit/0710e392ec35de697ce11e4219c988ba2b5fe0eb", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/kjur/jsrsasign/pull/645", "source": "[email protected]", "tags": ["Issue Tracking"]}, {"url": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370941", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}