jsrsasign Flaws Enable DSA Signature Forgery and Private Key Recovery
Three high-severity vulnerabilities have been disclosed in the JavaScript cryptography library jsrsasign, all affecting versions before 11.1.1 and exposing DSA implementations to signature forgery and private key compromise. CVE-2026-4600 stems from improper verification in DSA domain-parameter validation within KJUR.crypto.DSA.setPublic and related DSA/X.509 verification code, allowing attackers to supply malicious parameters such as g=1 and y=1 so forged DSA signatures or X.509 certificates are accepted as valid. The issue is classified as CWE-347 and carries high confidentiality and integrity impact.
Two additional flaws can expose DSA private keys during signing. CVE-2026-4601 affects KJUR.crypto.DSA.signWithMessageHash, where the library can emit invalid signatures when r or s becomes zero instead of retrying, creating a path to recover the private key. CVE-2026-4599 affects versions from 7.0.0 through versions before 11.1.1 and is tied to incomplete comparison logic in getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax, which can accept out-of-range values, bias DSA nonces, and likewise enable key recovery. The disclosures were accompanied by upstream commits, pull requests, public writeups, and Snyk advisories, with all three bugs rated for high confidentiality and integrity impact and no direct availability impact.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
1 event from the most recent confirmed update back to the earliest known activity.
jsrsasign flaws affecting DSA operations are disclosed
Three vulnerabilities in jsrsasign affecting versions before 11.1.1 were publicly reported: CVE-2026-4599 (biased DSA nonce generation enabling private key recovery), CVE-2026-4600 (improper DSA/X.509 signature verification enabling signature or certificate forgery), and CVE-2026-4601 (missing retry on invalid DSA signature values enabling private key recovery). The disclosures reference associated GitHub commits, pull requests, public gists, and Snyk advisories.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
3 references tracked. Mallory keeps watching after this page renders.
CVE-2026-4600 - Apache Commons Crypto DSA Signature Forgery
cvefeed.io
Open sourceCVE-2026-4601 - Adobe jsrsasign Missing Cryptographic Step Vulnerability
cvefeed.io
Open sourceCVE-2026-4599 - Apache jsrsasign Incomplete Comparison Vulnerability
cvefeed.io
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
JavaScript Library Flaws Enable Sandbox Escape and Code Execution
Two high-severity flaws were disclosed in widely used JavaScript libraries, exposing applications to sandbox bypass and arbitrary code execution. **CVE-2026-34208** affects SandboxJS before `0.8.36` and allows attacker-supplied code to evade protections on direct assignment to global objects by abusing an exposed constructor path. The bypass uses `this.constructor.call(target, attackerObject)` to reach the internal `SandboxGlobal` function while `Function.prototype.call` remains permitted, enabling arbitrary properties to be written into host global objects and persist across sandbox instances in the same process. A separate issue, **CVE-2026-41242**, impacts `protobufjs` before `8.0.1` and `7.5.5`, where attackers can inject arbitrary code into Protocol Buffers definition `type` fields and trigger execution during object decoding with a malicious schema. The flaw is tracked as **CWE-94** and carries a CVSS v4 rating reflecting network-reachable exploitation with high impact to confidentiality, integrity, availability, and downstream systems. Maintainers released fixes in SandboxJS `0.8.36` and protobufjs `8.0.1` and `7.5.5`.
Jun 29, 2026
Signature Verification Bypass Vulnerability in node-forge (CVE-2025-12816)
A critical vulnerability (CVE-2025-12816) was discovered in the popular JavaScript cryptography library *node-forge*, which is downloaded over 20 million times per week. The flaw allows attackers to bypass signature verification by exploiting an interpretation-conflict in the library's ASN.1 validation mechanism, enabling malformed data to pass as valid even when cryptographically invalid. This vulnerability could allow unauthenticated attackers to craft ASN.1 structures that desynchronize schema validations, potentially bypassing cryptographic verifications and security decisions in applications relying on node-forge. The issue was responsibly disclosed by a researcher from Palo Alto Networks, and a fix was released in version 1.3.2 of node-forge. Security advisories from CERT-CC warn that the impact varies by application, but may include authentication bypass, signed data tampering, and misuse of certificate-related functions. Developers using node-forge are strongly advised to update to the latest version immediately to mitigate the risk, as the vulnerability could have significant consequences in environments where cryptographic verification is central to trust decisions.
Jun 29, 2026
Critical Authentication Bypass Vulnerabilities in ruby-saml Library
Two critical authentication bypass vulnerabilities have been identified in the *ruby-saml* library, tracked as CVE-2025-66567 and CVE-2025-66568. Both flaws affect versions up to and including 1.12.4 and allow attackers to execute Signature Wrapping attacks, potentially bypassing SAML authentication. CVE-2025-66568 is caused by Libxml2 canonicalization errors, where invalid XML input may result in an empty string during canonicalization, leading to improper Digest/Signature validation. CVE-2025-66567 arises from differences in XML parsing between ReXML and Nokogiri, resulting in inconsistent document structures and an incomplete fix for a previous vulnerability (CVE-2025-25292). Both vulnerabilities are remotely exploitable and have been rated as critical with a CVSS score of 9.3. The issues have been addressed in *ruby-saml* version 1.18.0, and users are strongly advised to update to this version to mitigate the risk of authentication bypass. These vulnerabilities could allow attackers to impersonate users or gain unauthorized access to systems relying on SAML authentication via the affected library. No affected products have been specifically listed, but any application using vulnerable versions of *ruby-saml* is at risk. Security advisories and technical details have been published to inform the community and facilitate remediation.
Jun 29, 2026