CVE-2026-4258
Published: 17 March 2026
Summary
CVE-2026-4258 is a high-severity Improper Verification of Cryptographic Signature (CWE-347) vulnerability. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Credential Access (T1212); ranked at the 4.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-12 (Cryptographic Key Establishment and Management) and SI-10 (Information Input Validation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5) [AI]
- SI-2 (Flaw Remediation): Directly requires timely identification, reporting, and correction of the specific flaw in sjcl's ECDH point-on-curve validation via the available patch, to prevent private key recovery.
- SI-10 (Information Input Validation): Mandates validation of information inputs such as ECDH public keys, so that crafted off-curve points are detected and rejected; this addresses the core vulnerability.
- SC-12 (Cryptographic Key Establishment and Management): Requires approved key establishment techniques per NIST SP 800-56A, which include elliptic curve point validation, preventing exploitation through invalid public keys in ECDH.
MITRE ATT&CK Enterprise Techniques [AI]
Why these techniques?
The vulnerability enables remote recovery of ECDH private keys via crafted inputs and missing curve validation (direct credential theft); it therefore maps to Exploitation for Credential Access (T1212) and private key compromise.
NVD Description
All versions of the package sjcl are vulnerable to Improper Verification of Cryptographic Signature due to missing point-on-curve validation in sjcl.ecc.basicKey.publicKey(). An attacker can recover a victim's ECDH private key by sending crafted off-curve public keys and observing ECDH outputs. The dhJavaEc() function directly returns the raw x-coordinate of the scalar multiplication result (no hashing), providing a plaintext oracle without requiring any decryption feedback.
Deeper analysis [AI]
CVE-2026-4258 is an Improper Verification of Cryptographic Signature vulnerability (CWE-347, CWE-325) affecting all versions of the sjcl JavaScript cryptographic library. It arises from missing point-on-curve validation in the sjcl.ecc.basicKey.publicKey() function, enabling attackers to recover a victim's ECDH private key. The issue has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) and was published on 2026-03-17.
A network-based attacker requires no privileges or user interaction to exploit this vulnerability. By sending crafted off-curve public keys to a victim and observing the resulting ECDH outputs, the attacker can recover the private key. The dhJavaEc() function exacerbates the issue by directly returning the raw x-coordinate of the scalar multiplication result without hashing, providing a plaintext oracle that does not rely on decryption feedback.
Mitigation is available via a patch in the sjcl repository at commit ee307459972442a17beebc29dc331fffd8aff796, which addresses the point validation flaw. Further details, including a proof-of-concept, are provided in the GitHub gist at https://gist.github.com/Kr0emer/2560f98edb10b0b34f2438cd63913c47 and the Snyk advisory at https://security.snyk.io/vuln/SNYK-JS-SJCL-15369617. Practitioners using sjcl should update to the patched version and audit ECDH implementations for similar validation gaps.
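The control the advisory says sjcl.ecc.basicKey.publicKey() lacked is the point-on-curve check on a peer-supplied ECDH public key. The following is an added, self-contained example written for this page (it is not sjcl's code and does not use sjcl's API): it implements the SP 800-56A full public-key validation that SC-12 points to (coordinates in range, point on the curve, not the identity, correct order) over secp256k1 using plain BigInt arithmetic, and refuses the peer key before the private scalar is ever multiplied by it. The curve constants are the published SEC 2 secp256k1 parameters; the function names and the private scalars used in the demo are constructed for illustration.

```javascript
// Added example, not sjcl's code: full public-key validation for ECDH over
// secp256k1 (SEC 2 parameters, cofactor 1), done before the private scalar
// touches a peer-supplied point. Pure BigInt arithmetic, no dependencies.

// secp256k1: y^2 = x^3 + 7 over F_p (published SEC 2 constants)
const P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2Fn;
const A = 0n;
const B = 7n;
const N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141n;
const G = {
  x: 0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798n,
  y: 0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8n,
};

const mod = (a, m) => ((a % m) + m) % m;

// Square-and-multiply modular exponentiation.
function modPow(base, exp, m) {
  let result = 1n;
  base = mod(base, m);
  while (exp > 0n) {
    if (exp & 1n) result = (result * base) % m;
    base = (base * base) % m;
    exp >>= 1n;
  }
  return result;
}

// Inverse via Fermat's little theorem (P is prime).
const modInv = (a) => modPow(a, P - 2n, P);

// Affine point addition; null represents the point at infinity.
function pointAdd(p1, p2) {
  if (p1 === null) return p2;
  if (p2 === null) return p1;
  let lambda;
  if (p1.x === p2.x) {
    if (mod(p1.y + p2.y, P) === 0n) return null;                 // Q + (-Q) = O
    lambda = mod((3n * p1.x * p1.x + A) * modInv(2n * p1.y), P); // doubling
  } else {
    lambda = mod((p2.y - p1.y) * modInv(mod(p2.x - p1.x, P)), P);
  }
  const x3 = mod(lambda * lambda - p1.x - p2.x, P);
  const y3 = mod(lambda * (p1.x - x3) - p1.y, P);
  return { x: x3, y: y3 };
}

// Double-and-add scalar multiplication (not constant time; illustration only).
function scalarMult(k, pt) {
  let result = null;
  let addend = pt;
  while (k > 0n) {
    if (k & 1n) result = pointAdd(result, addend);
    addend = pointAdd(addend, addend);
    k >>= 1n;
  }
  return result;
}

// The check the advisory says was missing: accept only a finite point whose
// coordinates lie in F_p and satisfy the curve equation.
function isOnCurve(pt) {
  if (pt === null || typeof pt !== 'object') return false;        // identity / garbage
  const { x, y } = pt;
  if (typeof x !== 'bigint' || typeof y !== 'bigint') return false;
  if (x < 0n || x >= P || y < 0n || y >= P) return false;         // coordinates in range
  return mod(y * y, P) === mod(x * x * x + A * x + B, P);
}

// SP 800-56A "full public-key validation": on-curve plus order check.
// On a cofactor-1 curve the order check is implied by on-curve; it is kept
// so the routine stays correct on curves that do have a cofactor.
function validatePeerPublicKey(pt) {
  if (!isOnCurve(pt)) throw new Error('ECDH peer key rejected: not a point on the curve');
  if (scalarMult(N, pt) !== null) throw new Error('ECDH peer key rejected: wrong order');
  return pt;
}

// Validated ECDH: returns the x-coordinate of priv * peerPub (the same raw
// output shape the page attributes to dhJavaEc()), but only after validation.
function ecdhSharedX(privateScalar, peerPub) {
  validatePeerPublicKey(peerPub);
  const shared = scalarMult(privateScalar, peerPub);
  if (shared === null) throw new Error('ECDH result is the point at infinity');
  return shared.x;
}

// Constructed demo scalars (not real keys) and a constructed off-curve point.
const alicePriv = 0x1c7f3a9d2b5e6f4a8c0d1e2f3a4b5c6d7e8f90a1b2c3d4e5f60718293a4b5c6dn;
const bobPriv   = 0x0a1b2c3d4e5f60718293a4b5c6d7e8f90a1b2c3d4e5f60718293a4b5c6d7e8f9n;
const alicePub = scalarMult(alicePriv, G);
const bobPub = scalarMult(bobPriv, G);
const offCurve = { x: G.x, y: G.y + 1n }; // same x as G, wrong y: not on the curve

console.log('shared secrets agree:', ecdhSharedX(alicePriv, bobPub) === ecdhSharedX(bobPriv, alicePub));
try {
  ecdhSharedX(alicePriv, offCurve);
} catch (e) {
  console.log('off-curve key rejected:', e.message);
}
```

When auditing an ECDH implementation for the gap the advisory describes, the question to ask is whether every code path that deserialises a peer public key runs the equivalent of `isOnCurve` (and, for curves with a cofactor, the order check) before the private scalar is used; a library that only checks the byte length or the encoding prefix has not validated the point.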
Details
- CWE(s)