CVE-2026-4600
Summary
| CVE | CVE-2026-4600 |
|---|---|
| State | PUBLISHED |
| Assigner | snyk |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-03-23 06:16:21 UTC |
| Updated | 2026-07-01 13:17:41 UTC |
| Description | Versions of the package jsrsasign before 11.1.1 are vulnerable to Improper Verification of Cryptographic Signature via the DSA domain-parameter validation in KJUR.crypto.DSA.setPublic (and the related DSA/X509 verification flow in src/dsa-2.0.js). An attacker can forge DSA signatures or X.509 certificates that X509.verifySignature() accepts by supplying malicious domain parameters such as g=1, y=1, and a fixed r=1, which make the verification equation true for any hash. |
Risk And Classification
Primary CVSS: v4.0 8.1 HIGH from [email protected]
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS: 0.002250000 probability, percentile 0.130840000 (date 2026-07-02)
Problem Types: CWE-347 | CWE-347 Improper Verification of Cryptographic Signature | CWE-347 CWE-347 Improper Verification of Cryptographic Signature
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 4.0 | [email protected] | Secondary | 8.1 | HIGH | CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/C... |
| 4.0 | CNA | DECLARED | 9.1 | CRITICAL | CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P |
| 3.1 | [email protected] | Primary | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
| 3.1 | ADP | CVSS | 8.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N |
| 3.1 | [email protected] | Secondary | 7.4 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |
| 3.1 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | Secondary | 8.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N |
| 3.1 | CNA | DECLARED | 7.4 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P |
CVSS v4.0 Breakdown
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CVSS v3.1 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
NVD Known Affected Configurations (CPE 2.3)
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Na | Jsrsasign | affected 11.1.1 semver | Not specified |
| CNA | Na | Org.webjars.npmjsrsasign | affected * semver | Not specified |
| ADP | Red Hat | Migration Toolkit For Virtualization 2.1 | Not specified | Not specified |
| ADP | Red Hat | Migration Toolkit For Virtualization 2.9 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Quay 3.10 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Quay 3.12 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Quay 3.15 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Quay 3.16 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Quay 3.9 | Not specified | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| access.redhat.com/security/cve/CVE-2026-4600 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| access.redhat.com/errata/RHSA-2026:19410 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4600.json | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | security.access.redhat.com | |
| access.redhat.com/errata/RHSA-2026:6720 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| access.redhat.com/errata/RHSA-2026:6568 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370940 | [email protected] | security.snyk.io | Third Party Advisory |
| github.com/kjur/jsrsasign/pull/646 | [email protected] | github.com | Issue Tracking |
| access.redhat.com/errata/RHSA-2026:19375 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| access.redhat.com/errata/RHSA-2026:6912 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| access.redhat.com/errata/RHSA-2026:6926 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| github.com/kjur/jsrsasign/commit/37b4c06b145c7bfd6bc2a6df5d0a12c56b15ef60 | [email protected] | github.com | Patch |
| bugzilla.redhat.com/show_bug.cgi | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | bugzilla.redhat.com | |
| gist.github.com/Kr0emer/bf15ddc097176e951659a24a8e9002a7 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | gist.github.com | Exploit, Mitigation, Third Party Advisory |
| access.redhat.com/errata/RHSA-2026:19409 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-15812268 | [email protected] | security.snyk.io | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
CNA: Kr0emer (en)
Additional Advisory Data
| Source | Time | Event |
|---|---|---|
| ADP | 2026-03-23T06:01:39.334Z | Reported to Red Hat. |
| ADP | 2026-03-23T05:00:08.475Z | Made public. |
Solutions
ADP: RHSA-2026:19409: Migration Toolkit for Virtualization 2.1
ADP: RHSA-2026:19410: Migration Toolkit for Virtualization 2.9
ADP: RHSA-2026:6912: Red Hat Quay 3.10
ADP: RHSA-2026:6720: Red Hat Quay 3.12
ADP: RHSA-2026:6568: Red Hat Quay 3.15
ADP: RHSA-2026:19375: Red Hat Quay 3.16
ADP: RHSA-2026:6926: Red Hat Quay 3.9
Workarounds
ADP: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.