VDB
CVE-2026-4599
CVE-2026-4599
PUBLISHED
CVSS 9.100000381469727 CRITICAL
jsrsasign: Incomplete Comparison Allows DSA Private Key Recovery via Biased Nonce Generation
EPSS 0.06% · 18.3th percentile
Risk Scores
CVSS 3.1
9.100000381469727
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score
0.06%
18.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| jsrsasign_project | jsrsasign | 7.0.0, 7.0.0, 7.0.0 |
| npm | jsrsasign | 7.0.0 |
| n/a | jsrsasign | 7.0.0, 7.0.0, 7.0.0 |
Exploit Intelligence
- https://gist.github.com/Kr0emer/081681818b51605c91945126d74b4f20 (nist-nvd)
- CIRCL seen: CVE-2026-4599 (circl-sighting)
- CIRCL seen: CVE-2026-4599 (circl-sighting)
- CIRCL seen: CVE-2026-4599 (circl-sighting)
- CIRCL seen: CVE-2026-4599 (circl-sighting)
- https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370939 (circl)
- https://github.com/kjur/jsrsasign/pull/647 (circl)
- https://github.com/kjur/jsrsasign/commit/ee4b013478366cb16cea9a4bdfb218b6077f83b1 (circl)
- GitHub Gist: 081681818b51605c91945126d74b4f20 (github)
- GitHub Gist: 081681818b51605c91945126d74b4f20 (github)
…and 1 more exploits
Timeline
- Mar 23, 2026 CVE Published
- Mar 23, 2026 EPSS Score
- Mar 23, 2026 PoC Published
- Mar 23, 2026 PoC Published
- Mar 23, 2026 PoC Published
- Mar 23, 2026 PoC Published
- Mar 24, 2026 EPSS Score
- Mar 25, 2026 EPSS Score
- Mar 25, 2026 Coalition ESS Score
- Mar 26, 2026 EPSS Score
- Mar 26, 2026 Coalition ESS Score
- Mar 27, 2026 Coalition ESS Score
References
- https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370939 url
- https://gist.github.com/Kr0emer/081681818b51605c91945126d74b4f20 url
- https://github.com/kjur/jsrsasign/pull/647 url
- https://github.com/kjur/jsrsasign/commit/ee4b013478366cb16cea9a4bdfb218b6077f83b1 url
- https://nvd.nist.gov/vuln/detail/CVE-2026-4599 advisory
- https://github.com/kjur/jsrsasign package