CVE-2026-4599 | jsrsasign up to 11.1.0 Private Key src/crypto-1.1.js incomplete comparison with missing factors (SNYK-JS-JSRSASIGN-15370939)

Inserito da Angelo Barbosa | Mar 23, 2026 | CVE

A vulnerability categorized as critical has been discovered in jsrsasign up to 11.1.0. This affects the function getRandomBigIntegerZeroToMax/getRandomBigIntegerMinToMax of the file src/crypto-1.1.js of the component Private Key Handler. Executing a manipulation can lead to incomplete comparison with missing factors.

This vulnerability is handled as CVE-2026-4599. The attack can be executed remotely. There is not any exploit available.

It is advisable to upgrade the affected component.

CVE-2026-4599 | jsrsasign up to 11.1.0 Private Key src/crypto-1.1.js incomplete comparison with missing factors (SNYK-JS-JSRSASIGN-15370939)

Post correlati

CVE-2024-41658 | Casdoor up to 1.577.0 cross site scripting (GHSL-2024-035)

CVE-2024-41865 | Adobe Dimension up to 3.4.11 untrusted search path (apsb24-47)

CVE-2026-32357 | Katsushi Kawamori Simple Blog Card Plugin up to 2.37 on WordPress server-side request forgery

CVE-2026-1325 | Sangfor Operation and Maintenance Security Management System edit_pwd_mall password recovery