{ "dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": { "cveId": "CVE-2026-4599", "assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "state": "PUBLISHED", "assignerShortName": "snyk", "dateReserved": "2026-03-22T16:25:57.565Z", "datePublished": "2026-03-23T05:00:12.522Z", "dateUpdated": "2026-07-15T00:51:52.668Z" }, "containers": { "cna": { "metrics": [ { "cvssV3_1": { "version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "exploitCodeMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, "cvssV4_0": { "version": "4.0", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 9.3, "baseSeverity": "CRITICAL", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" } } ], "credits": [ { "value": "Kr0emer", "lang": "en" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-1023", "description": "Incomplete Comparison with Missing Factors", "lang": "en" } ] } ], "providerMetadata": { "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "shortName": "snyk", "dateUpdated": "2026-07-09T15:25:18.656Z" }, "descriptions": [ { "value": "Versions of the package jsrsasign from 7.0.0 and before 11.1.1 are vulnerable to Incomplete Comparison with Missing Factors via the getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax functions in src/crypto-1.1.js; an attacker can recover the private key by exploiting the incorrect compareTo checks that accept out-of-range candidates and thus bias DSA nonces during signature generation.", "lang": "en" } ], "references": [ { "url": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370939" }, { "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-15812264" }, { "url": "https://gist.github.com/Kr0emer/081681818b51605c91945126d74b4f20" }, { "url": "https://github.com/kjur/jsrsasign/pull/647" }, { "url": "https://github.com/kjur/jsrsasign/commit/ee4b013478366cb16cea9a4bdfb218b6077f83b1" } ], "affected": [ { "product": "jsrsasign", "versions": [ { "version": "7.0.0", "lessThan": "11.1.1", "status": "affected", "versionType": "semver" } ], "vendor": "n/a" }, { "product": "org.webjars.npm:jsrsasign", "versions": [ { "version": "8.0.12", "lessThan": "*", "status": "affected", "versionType": "semver" } ], "vendor": "n/a" } ] }, "adp": [ { "metrics": [ { "other": { "type": "ssvc", "content": { "timestamp": "2026-03-23T14:39:36.757966Z", "id": "CVE-2026-4599", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "version": "2.0.3" } } } ], "title": "CISA ADP Vulnrichment", "providerMetadata": { "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T14:39:45.496Z" } }, { "affected": [ { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:migration_toolkit_virtualization:2.10::el9" ], "defaultStatus": "affected", "packageName": "migration-toolkit-virtualization/mtv-console-plugin-rhel9", "product": "Migration Toolkit for Virtualization 2.1", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1779139872", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:migration_toolkit_virtualization:2.9::el9" ], "defaultStatus": "affected", "packageName": "migration-toolkit-virtualization/mtv-console-plugin-rhel9", "product": "Migration Toolkit for Virtualization 2.9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1778927462", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:quay:3.10::el8" ], "defaultStatus": "affected", "packageName": "quay/quay-rhel8", "product": "Red Hat Quay 3.10", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1775169155", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:quay:3.12::el8" ], "defaultStatus": "affected", "packageName": "quay/quay-rhel8", "product": "Red Hat Quay 3.12", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1775253092", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:quay:3.15::el8" ], "defaultStatus": "affected", "packageName": "quay/quay-rhel8", "product": "Red Hat Quay 3.15", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1775169219", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:quay:3.16::el9" ], "defaultStatus": "affected", "packageName": "quay/quay-rhel9", "product": "Red Hat Quay 3.16", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1779204086", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:quay:3.9::el8" ], "defaultStatus": "affected", "packageName": "quay/quay-rhel8", "product": "Red Hat Quay 3.9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1775169218", "versionType": "rpm" } ] } ], "datePublic": "2026-03-23T05:00:12.522Z", "descriptions": [ { "lang": "en", "value": "A flaw was found in jsrsasign. An attacker can exploit an incomplete comparison vulnerability in the getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax functions. By manipulating incorrect comparison checks, an attacker can bias the Digital Signature Algorithm (DSA) nonces during signature generation. This allows the attacker to recover the private key, leading to a critical security compromise." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Important" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-338", "description": "Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)", "lang": "en", "type": "CWE" } ] } ], "references": [ { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2026-4599" }, { "name": "RHBZ#2450207", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450207" }, { "tags": [ "x_sadp-csaf-vex" ], "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4599.json" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:19409" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:19410" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:6912" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:6720" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:6568" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:19375" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:6926" } ], "solutions": [ { "lang": "en", "value": "RHSA-2026:19409: Migration Toolkit for Virtualization 2.1" }, { "lang": "en", "value": "RHSA-2026:19410: Migration Toolkit for Virtualization 2.9" }, { "lang": "en", "value": "RHSA-2026:6912: Red Hat Quay 3.10" }, { "lang": "en", "value": "RHSA-2026:6720: Red Hat Quay 3.12" }, { "lang": "en", "value": "RHSA-2026:6568: Red Hat Quay 3.15" }, { "lang": "en", "value": "RHSA-2026:19375: Red Hat Quay 3.16" }, { "lang": "en", "value": "RHSA-2026:6926: Red Hat Quay 3.9" } ], "timeline": [ { "lang": "en", "time": "2026-03-23T06:01:34.008Z", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2026-03-23T05:00:12.522Z", "value": "Made public." } ], "title": "jsrsasign: jsrsasign: Private key recovery via incomplete comparison checks biasing DSA nonces", "workarounds": [ { "lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability." } ], "x_adpType": "supplier", "x_generator": { "engine": "sadp-cli 1.0.0" }, "providerMetadata": { "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c", "shortName": "redhat-SADP", "dateUpdated": "2026-07-15T00:51:52.668Z" } } ] } }