216.73.216.133

CVE-2026-4598

· Published 23/03/2026 07:16 · Author: The MITRE Corporation

Labels: CVE-2026-4598 2026-03-23CVE-2026-4598CWE-835[email protected]

Essential information

Published
23/03/2026 07:16
Modified
Author
The MITRE Corporation
Creator
The MITRE Corporation
CVSS
7.5 HIGH (v3.1) 8.7 HIGH (v4.0)
CISA KEV
No
CWE
CWE-835
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS metrics

Description

Versions of the package jsrsasign before 11.1.1 are vulnerable to Infinite loop via the bnModInverse function in ext/jsbn2.js when the BigInteger.modInverse implementation receives zero or negative inputs, allowing an attacker to hang the process permanently by supplying such crafted values (e.g., modInverse(0, m) or modInverse(-1, m)).

NVD status

NVD
View on NVD