216.73.216.133

CVE-2026-4602

· Published 23/03/2026 07:16 · Author: The MITRE Corporation

Labels: CVE-2026-4602 2026-03-23CVE-2026-4602CWE-681[email protected]

Essential information

Published
23/03/2026 07:16
Modified
Author
The MITRE Corporation
Creator
The MITRE Corporation
CVSS
7.5 HIGH (v3.1) 8.7 HIGH (v4.0)
CISA KEV
No
CWE
CWE-681
EPSS (First)
P31.6% ?EPSS percentile: rank of this vulnerability versus all others. Higher percentile = more likely to be exploited. Learn more (score 0.00400)
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS metrics

Description

Versions of the package jsrsasign before 11.1.1 are vulnerable to Incorrect Conversion between Numeric Types due to handling negative exponents in ext/jsbn2.js. An attacker can force the computation of incorrect modular inverses and break signature verification by calling modPow with a negative exponent.

NVD status

NVD
View on NVD