CVE-2026-4599
Published: 23 March 2026
Summary
CVE-2026-4599 is a critical-severity Incomplete Comparison with Missing Factors (CWE-1023) vulnerability in Jsrsasign Project Jsrsasign. Its CVSS base score is 9.1 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 17.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates CVE-2026-4599 by requiring timely flaw remediation through upgrading vulnerable jsrsasign versions to 11.1.1 or later.
Detects the presence of vulnerable jsrsasign package versions via vulnerability scanning of software dependencies and inventories.
Prevents exploitation by mandating FIPS-validated cryptographic modules, avoiding flawed implementations like jsrsasign's biased DSA nonce generation.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Remote unauthenticated exploitation of the DSA nonce bias flaw in a public-facing application directly matches T1190; successful exploitation yields private-key recovery, matching T1212.
NVD Description
Versions of the package jsrsasign from 7.0.0 and before 11.1.1 are vulnerable to Incomplete Comparison with Missing Factors via the getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax functions in src/crypto-1.1.js; an attacker can recover the private key by exploiting the incorrect compareTo checks that…
more
accept out-of-range candidates and thus bias DSA nonces during signature generation.
Deeper analysisAI
CVE-2026-4599 is an incomplete comparison vulnerability (CWE-1023) affecting versions of the jsrsasign JavaScript package from 7.0.0 up to but not including 11.1.1. The issue resides in the getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax functions within src/crypto-1.1.js, where incorrect compareTo checks accept out-of-range candidates. This flaw leads to biased DSA nonces during signature generation, enabling private key recovery. The vulnerability carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N), indicating critical severity.
A remote, unauthenticated attacker can exploit this vulnerability by targeting applications using the affected jsrsasign versions for DSA signature generation. By leveraging the biased nonce generation, the attacker can recover the private key after observing a sufficient number of signatures, compromising confidentiality and integrity of signed data without requiring user interaction or privileges.
Advisories and patches, including the jsrsasign GitHub commit ee4b013478366cb16cea9a4bdfb218b6077f83b1 and pull request #647, address the issue by fixing the compareTo checks in the random big integer functions. Security resources like Snyk (SNYK-JS-JSRSASIGN-15370939) recommend upgrading to jsrsasign version 11.1.1 or later to mitigate the vulnerability. A proof-of-concept is available in the referenced GitHub Gist.
Details
- CWE(s)