{ "dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": { "cveId": "CVE-2026-4600", "assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "state": "PUBLISHED", "assignerShortName": "snyk", "dateReserved": "2026-03-22T16:26:03.357Z", "datePublished": "2026-03-23T05:00:08.475Z", "dateUpdated": "2026-07-07T15:25:35.722Z" }, "containers": { "cna": { "metrics": [ { "cvssV3_1": { "version": "3.1", "attackVector": "NETWORK", "attackComplexity": "HIGH", "exploitCodeMaturity": "PROOF_OF_CONCEPT", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P" }, "cvssV4_0": { "version": "4.0", "attackVector": "NETWORK", "attackComplexity": "HIGH", "attackRequirements": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P" } } ], "credits": [ { "value": "Kr0emer", "lang": "en" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-347", "description": "Improper Verification of Cryptographic Signature", "lang": "en" } ] } ], "providerMetadata": { "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "shortName": "snyk", "dateUpdated": "2026-07-07T15:25:35.722Z" }, "descriptions": [ { "value": "Versions of the package jsrsasign before 11.1.1 are vulnerable to Improper Verification of Cryptographic Signature via the DSA domain-parameter validation in KJUR.crypto.DSA.setPublic (and the related DSA/X509 verification flow in src/dsa-2.0.js). An attacker can forge DSA signatures or X.509 certificates that X509.verifySignature() accepts by supplying malicious domain parameters such as g=1, y=1, and a fixed r=1, which make the verification equation true for any hash.", "lang": "en" } ], "references": [ { "url": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370940" }, { "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-15812268" }, { "url": "https://gist.github.com/Kr0emer/bf15ddc097176e951659a24a8e9002a7" }, { "url": "https://github.com/kjur/jsrsasign/pull/646" }, { "url": "https://github.com/kjur/jsrsasign/commit/37b4c06b145c7bfd6bc2a6df5d0a12c56b15ef60" } ], "affected": [ { "product": "jsrsasign", "versions": [ { "version": "0", "lessThan": "11.1.1", "status": "affected", "versionType": "semver" } ], "vendor": "n/a" }, { "product": "org.webjars.npm:jsrsasign", "versions": [ { "version": "0", "lessThan": "*", "status": "affected", "versionType": "semver" } ], "vendor": "n/a" } ] }, "adp": [ { "problemTypes": [ { "descriptions": [ { "type": "CWE", "cweId": "CWE-347", "lang": "en", "description": "CWE-347 Improper Verification of Cryptographic Signature" } ] } ], "references": [ { "url": "https://gist.github.com/Kr0emer/bf15ddc097176e951659a24a8e9002a7", "tags": [ "exploit" ] } ], "metrics": [ { "other": { "type": "ssvc", "content": { "timestamp": "2026-03-23T14:32:39.569693Z", "id": "CVE-2026-4600", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "version": "2.0.3" } } } ], "title": "CISA ADP Vulnrichment", "providerMetadata": { "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T15:53:02.042Z" } }, { "affected": [ { "cpes": [ "cpe:/a:redhat:migration_toolkit_virtualization:2.10::el9" ], "defaultStatus": "affected", "product": "Migration Toolkit for Virtualization 2.1", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:migration_toolkit_virtualization:2.9::el9" ], "defaultStatus": "affected", "product": "Migration Toolkit for Virtualization 2.9", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:quay:3.10::el8" ], "defaultStatus": "affected", "product": "Red Hat Quay 3.10", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:quay:3.12::el8" ], "defaultStatus": "affected", "product": "Red Hat Quay 3.12", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:quay:3.15::el8" ], "defaultStatus": "affected", "product": "Red Hat Quay 3.15", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:quay:3.16::el9" ], "defaultStatus": "affected", "product": "Red Hat Quay 3.16", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:quay:3.9::el8" ], "defaultStatus": "affected", "product": "Red Hat Quay 3.9", "vendor": "Red Hat" } ], "datePublic": "2026-03-23T05:00:08.475Z", "descriptions": [ { "lang": "en", "value": "A flaw was found in jsrsasign. An attacker can exploit improper verification of cryptographic signatures by supplying malicious domain parameters during the Digital Signature Algorithm (DSA) validation process. This allows the attacker to forge DSA signatures or X.509 certificates, which would then be accepted as legitimate, potentially leading to unauthorized access or data manipulation." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Important" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-347", "description": "Improper Verification of Cryptographic Signature", "lang": "en", "type": "CWE" } ] } ], "references": [ { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2026-4600" }, { "name": "RHBZ#2450208", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450208" }, { "tags": [ "x_sadp-csaf-vex" ], "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4600.json" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:19409" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:19410" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:6912" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:6720" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:6568" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:19375" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:6926" } ], "solutions": [ { "lang": "en", "value": "RHSA-2026:19409: Migration Toolkit for Virtualization 2.1" }, { "lang": "en", "value": "RHSA-2026:19410: Migration Toolkit for Virtualization 2.9" }, { "lang": "en", "value": "RHSA-2026:6912: Red Hat Quay 3.10" }, { "lang": "en", "value": "RHSA-2026:6720: Red Hat Quay 3.12" }, { "lang": "en", "value": "RHSA-2026:6568: Red Hat Quay 3.15" }, { "lang": "en", "value": "RHSA-2026:19375: Red Hat Quay 3.16" }, { "lang": "en", "value": "RHSA-2026:6926: Red Hat Quay 3.9" } ], "timeline": [ { "lang": "en", "time": "2026-03-23T06:01:39.334Z", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2026-03-23T05:00:08.475Z", "value": "Made public." } ], "title": "jsrsasign: jsrsasign: Cryptographic signature forgery via malicious DSA domain parameters", "workarounds": [ { "lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability." } ], "x_adpType": "supplier", "x_generator": { "engine": "sadp-cli 1.0.0" }, "providerMetadata": { "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c", "shortName": "redhat-SADP", "dateUpdated": "2026-07-01T12:04:59.403Z" } } ] } }