Description
Versions of the package jsrsasign from 7.0.0 and before 11.1.1 are vulnerable to Incomplete Comparison with Missing Factors via the getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax functions in src/crypto-1.1.js; an attacker can recover the private key by exploiting the incorrect compareTo checks that accept out-of-range candidates and thus bias DSA nonces during signature generation.
Published: 2026-03-23
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Private Key Exposure
Action: Patch Immediately
AI Analysis

Impact

The vulnerability arises from incomplete comparison checks in the getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax functions, causing the library to accept out‑of‑range candidates and bias DSA nonces during signature generation. As a result an attacker can recover the full private key used by the library, enabling them to forge signatures and potentially impersonate legitimate users. This flaw is a classic example of insecure random number generation (CWE‑338) combined with improper comparison logic (CWE‑1023).

Affected Systems

Packages of jsrsasign from version 7.0.0 up to 11.1.1, used in Node.js applications, are affected. The library is an open‑source cryptographic toolkit for JavaScript, widely incorporated in web and server‑side projects. Any project that relies on these versions inherits the vulnerability until a patched release is applied.

Risk and Exploitability

The CVSS score of 9.3 indicates critical severity, while the EPSS score of less than 1% suggests it is currently a low‑likelihood target. The vulnerability is not listed in the CISA KEV catalog, but the potential impact warrants immediate attention. An attacker would need access to an environment that uses the vulnerable functions for signature generation, so the attack vector is likely local or application‑level rather than remote exploitation. Promptly upgrading to a fixed release removes the risk; otherwise, limited controls can be applied as a temporary mitigant.

Generated by OpenCVE AI on March 23, 2026 at 17:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update jsrsasign to version 11.1.2 or later.
  • Verify all dependencies are at the patched version; run npm audit or similar tool.
  • If upgrade is delayed, avoid using getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax or replace them with a secure random number generator.
  • Monitor logs for suspicious signing activity and revoke any compromised keys if necessary.
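
For the replacement generator that the recommended actions mention, the following added example (not jsrsasign's code and not its fix) shows uniform sampling by rejection on native BigInt with Node's `crypto.randomBytes`, accepting a candidate only when it lies inside the full target range. The function names, the `rng` test parameter and the sample order are assumptions made for this illustration.

```javascript
// Added example, not jsrsasign code: range-checked uniform sampling on BigInt.
const { randomBytes } = require('node:crypto');

// Read a byte array as an unsigned big-endian integer.
function bytesToBigInt(bytes) {
  let n = 0n;
  for (const b of bytes) n = (n << 8n) | BigInt(b);
  return n;
}

// Uniform integer in [0, max]. rng(n) must return n random bytes; it is a
// parameter (hypothetical, for this example) so the reject path can be tested.
function randomBigIntZeroToMax(max, rng = randomBytes) {
  if (typeof max !== 'bigint' || max < 0n) {
    throw new RangeError('max must be a non-negative BigInt');
  }
  const bits = max.toString(2).length;         // bit length of max
  const nBytes = Math.ceil(bits / 8);
  const topMask = 0xff >> (nBytes * 8 - bits); // drop bits above max's length
  for (;;) {
    const buf = Uint8Array.from(rng(nBytes));
    buf[0] &= topMask;
    const candidate = bytesToBigInt(buf);
    // Accept only candidates inside the range. An out-of-range candidate is
    // thrown away and redrawn, never clamped or reduced modulo the range.
    if (candidate <= max) return candidate;
  }
}

// Uniform integer in [min, max], built by shifting a [0, max - min] sample.
function randomBigIntMinToMax(min, max, rng = randomBytes) {
  if (typeof min !== 'bigint' || typeof max !== 'bigint' || min > max) {
    throw new RangeError('need BigInt bounds with min <= max');
  }
  return min + randomBigIntZeroToMax(max - min, rng);
}

// Per-signature DSA nonce k in [1, q - 1] for a subgroup order q.
function randomNonce(q, rng = randomBytes) {
  return randomBigIntMinToMax(1n, q - 1n, rng);
}

// Constructed sample order for the demo (not a real DSA parameter set).
const SAMPLE_Q = (1n << 160n) - 47n;
console.log(randomNonce(SAMPLE_Q).toString(16));
```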



Advisories
Source | ID | Title
GitHub GHSA | GHSA-5jx8-q4cp-rhh6 | jsrsasign: Incomplete Comparison Allows DSA Private Key Recovery via Biased Nonce Generation
History

Mon, 23 Mar 2026 16:30:00 +0000

Type Values Removed Values Added
First Time appeared Jsrsasign Project
Jsrsasign Project jsrsasign
CPEs cpe:2.3:a:jsrsasign_project:jsrsasign:*:*:*:*:*:node.js:*:*
Vendors & Products Jsrsasign Project
Jsrsasign Project jsrsasign

Mon, 23 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 23 Mar 2026 12:15:00 +0000

Type Values Removed Values Added
Title jsrsasign: jsrsasign: Private key recovery via incomplete comparison checks biasing DSA nonces
Weaknesses CWE-338
References
Metrics threat_severity

None

threat_severity

Important


Mon, 23 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Kjur
Kjur jsrsasign
Vendors & Products Kjur
Kjur jsrsasign

Mon, 23 Mar 2026 05:45:00 +0000

Type Values Removed Values Added
Description Versions of the package jsrsasign from 7.0.0 and before 11.1.1 are vulnerable to Incomplete Comparison with Missing Factors via the getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax functions in src/crypto-1.1.js; an attacker can recover the private key by exploiting the incorrect compareTo checks that accept out-of-range candidates and thus bias DSA nonces during signature generation.
Weaknesses CWE-1023
References
Metrics cvssV3_1

{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N'}

cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: snyk

Published:

Updated: 2026-03-23T14:39:45.496Z

Reserved: 2026-03-22T16:25:57.565Z

Link: CVE-2026-4599

Vulnrichment

Updated: 2026-03-23T14:39:42.517Z

NVD

Status: Analyzed

Published: 2026-03-23T06:16:21.513

Modified: 2026-03-23T16:17:45.400

Link: CVE-2026-4599

Redhat

Severity: Important

Public Date: 2026-03-23T05:00:12Z

Links: CVE-2026-4599 - Bugzilla

OpenCVE Enrichment

Updated: 2026-03-25T14:49:49Z

Weaknesses