SNYK-JS-JSRSASIGN-15371175 PUBLISHED CVSS 8.7 HIGH

## Overview

[jsrsasign](https://www.npmjs.com/package/jsrsasign) is a free pure JavaScript cryptographic library. Affected versions of this package are vulnerable to Incorrect Conversion between Numeric Types due to handling negative exponents in `ext/jsbn2.js`. An attacker can force the computation of incorrect modular inverses and break signature verification by calling `modPow` with a negative exponent.

## Remediation

Upgrade `jsrsasign` to version 11.1.1 or higher.

## References

- [GitHub Commit](https://github.com/kjur/jsrsasign/commit/5ea1c32bb2aa894b4bd29849839afe4f98728195)
- [GitHub Gist](https://gist.github.com/Kr0emer/7ecd2be7d17419e4677315ef3758faf5)
- [GitHub PR](https://github.com/kjur/jsrsasign/pull/650)
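For the negative-exponent case described in the Overview, the following added reference (not jsrsasign code and not part of the advisory) computes the mathematically correct result of a modular power with native `BigInt`, so an application can cross-check a library's output or reject negative exponents before they reach it. The function names `egcd`, `modInverse`, `modPowRef` and `requireNonNegativeExponent` are hypothetical.

```javascript
// Added reference example; uses only native BigInt, no jsrsasign APIs.

// Extended Euclid: returns [g, x] with a*x ≡ g (mod m) and g = gcd(a, m).
function egcd(a, m) {
  let [r0, r1] = [a, m];
  let [s0, s1] = [1n, 0n];
  while (r1 !== 0n) {
    const q = r0 / r1;
    [r0, r1] = [r1, r0 - q * r1];
    [s0, s1] = [s1, s0 - q * s1];
  }
  return [r0, s0];
}

// Modular inverse; throws when gcd(a, m) != 1 because no inverse exists.
function modInverse(a, m) {
  const [g, x] = egcd(((a % m) + m) % m, m);
  if (g !== 1n) throw new RangeError("base has no inverse modulo m");
  return ((x % m) + m) % m;
}

// Reference modular power. A negative exponent means
// (base^-1)^|exp| mod m, which is defined only if base is invertible.
function modPowRef(base, exp, m) {
  if (m <= 0n) throw new RangeError("modulus must be positive");
  if (m === 1n) return 0n;
  let b = ((base % m) + m) % m;
  let e = exp;
  if (e < 0n) {
    b = modInverse(b, m);
    e = -e;
  }
  let result = 1n;
  while (e > 0n) {            // square-and-multiply
    if (e & 1n) result = (result * b) % m;
    b = (b * b) % m;
    e >>= 1n;
  }
  return result;
}

// Input guard for code paths (such as signature verification) where a
// negative exponent is never legitimate: fail closed instead of computing.
function requireNonNegativeExponent(exp) {
  if (exp < 0n) throw new RangeError("negative exponent rejected");
  return exp;
}
```

A correct result `r` for a negative exponent satisfies `(r * base^|exp|) mod m == 1`, which gives a cheap consistency check against any big-integer library's output.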

Risk Scores

CVSS v3.1
8.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P

Affected Products

Vendor | Product | Versions
0
