Description
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.1, node:crypto.checkPrime(candidate[, options][, callback]) and crypto.checkPrimeSync(candidate[, options]) ran no Miller-Rabin rounds at all when the caller left options.checks at its default of 0. In that mode, the only test applied to the candidate was trial division by the primes up to 17,863. Any composite whose smallest prime factor exceeds that bound — for example the product of two primes just above it, such as 17,881 × 17,891 — was reported as true ("probably prime"). The same divergence affected the lower-level op_node_check_prime / op_node_check_prime_bytes paths that the polyfill calls into. This vulnerability is fixed in 2.8.1.
Published: 2026-06-23
Score: 7.4 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability originates in the Miller‑Rabin primality routine used by the Deno crypto module. When the 'checks' option defaults to zero, the function performs no probabilistic rounds and relies solely on trial division by primes up to 17,863. Any composite number whose smallest prime divisor exceeds that bound—such as the product of 17,881 and 17,891—incorrectly passes as probably prime. This flaw, classified as CWE‑325, allows developers to generate cryptographic key candidates that are not truly prime, weakening the security of asymmetric algorithms and exposing systems to factorization attacks. The issue affects the node:crypto.checkPrime and related native ops and is fixed in Deno version 2.8.1.

Affected Systems

Vendors and products affected are Deno, maintained by denoland:deno, for all releases prior to version 2.8.1. The vulnerability is present in Deno 2.8.0 and earlier, regardless of operating system or environment, because the flawed function is part of the core runtime.

Risk and Exploitability

The CVSS score of 7.4 indicates a high severity. The EPSS score is not listed, so the current data does not specify exploitation probability. The vulnerability is not in the CISA KEV catalog. Based on the description, it is inferred that the attack vector requires execution of code that calls the affected crypto.checkPrime APIs, meaning the threat is limited to applications running with the vulnerable Deno runtime. An attacker could use the function to generate insecure keys or supply crafted parameters that bypass the intended security checks. However, no publicly available exploits are reported, and mitigation is simply to update to a fixed release.

Generated by OpenCVE AI on June 24, 2026 at 10:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Deno to 2.8.1 or later to correct the flawed primality test and thus address CWE‑325.
  • Update application code to enforce a sufficient number of Miller‑Rabin rounds or use a validated library for cryptographic key generation, ensuring that any weak prime candidates are rejected (CWE‑325).
  • Revoke and regenerate any cryptographic keys that may have been produced by a vulnerable Deno runtime, and audit for use of weak primes to mitigate any potential security impact of CWE‑325.

Generated by OpenCVE AI on June 24, 2026 at 10:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-9xg4-qhm4-g43w Deno: Miller-Rabin Primality Test Allows Zero Rounds
History

Thu, 25 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 24 Jun 2026 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Deno
Deno deno
Vendors & Products Deno
Deno deno

Wed, 24 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 23 Jun 2026 17:30:00 +0000

Type Values Removed Values Added
Description Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.1, node:crypto.checkPrime(candidate[, options][, callback]) and crypto.checkPrimeSync(candidate[, options]) ran no Miller-Rabin rounds at all when the caller left options.checks at its default of 0. In that mode, the only test applied to the candidate was trial division by the primes up to 17,863. Any composite whose smallest prime factor exceeds that bound — for example the product of two primes just above it, such as 17,881 × 17,891 — was reported as true ("probably prime"). The same divergence affected the lower-level op_node_check_prime / op_node_check_prime_bytes paths that the polyfill calls into. This vulnerability is fixed in 2.8.1.
Title Deno: Miller-Rabin Primality Test Allows Zero Rounds
Weaknesses CWE-325
References
Metrics cvssV3_1

{'score': 7.4, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-25T13:48:28.573Z

Reserved: 2026-05-30T02:43:33.105Z

Link: CVE-2026-49440

cve-icon Vulnrichment

Updated: 2026-06-24T13:34:46.455Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-24T16:00:06Z

Weaknesses
  • CWE-325

    Missing Cryptographic Step