CVE-2026-4601
Published: 23 March 2026
Summary
CVE-2026-4601 is a high-severity Missing Cryptographic Step (CWE-325) vulnerability in the Jsrsasign Project's jsrsasign package. Its CVSS base score is 8.7 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 6.5th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly mitigates CVE-2026-4601 by requiring timely identification, reporting, and remediation of the DSA signing flaw, here by updating jsrsasign to version 11.1.1 or later.
Requires cryptographic protections using vetted modules and mechanisms, preventing reliance on flawed implementations like vulnerable jsrsasign DSA signing that expose private keys.
Enables detection of CVE-2026-4601 in jsrsasign through vulnerability scanning, facilitating proactive remediation of the private key recovery vulnerability.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Remote network exploitation of the DSA implementation flaw in a library used by applications directly maps to public-facing app exploitation (T1190); successful private key recovery from invalid signatures matches unsecured credential access for private keys (T1552.004).
NVD Description
Versions of the package jsrsasign before 11.1.1 are vulnerable to Missing Cryptographic Step via the KJUR.crypto.DSA.signWithMessageHash process in the DSA signing implementation. An attacker can recover the private key by forcing r or s to be zero, so the library emits an invalid signature without retrying, and then solves for x from the resulting signature.
Deeper analysis
CVE-2026-4601 affects versions of the jsrsasign JavaScript package prior to 11.1.1, specifically in the KJUR.crypto.DSA.signWithMessageHash process within its DSA signing implementation. The vulnerability stems from a missing cryptographic step (CWE-325), where the library fails to retry signature generation upon producing an invalid signature. This allows an attacker to recover the private key by manipulating the process to force the r or s value in the signature to zero, enabling straightforward mathematical solving for the private key from the emitted invalid signature.
A remote attacker with no privileges or user interaction required can exploit this over the network, though it demands high attack complexity and results in a scope change. Successful exploitation grants high confidentiality and integrity impacts, primarily through private key recovery, which could compromise DSA-based signatures and enable forgery or decryption in affected applications relying on jsrsasign for cryptographic operations.
Advisories and patches, including the fix in jsrsasign commit 0710e392ec35de697ce11e4219c988ba2b5fe0eb and pull request 645, recommend updating to version 11.1.1 or later to address the issue by ensuring proper retry logic for invalid signatures. Snyk's vulnerability report (SNYK-JS-JSRSASIGN-15370941) details the flaw, while a GitHub Gist provides additional technical context on the exploit mechanics.
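The retry step described above, shown as an added example that is not jsrsasign's code or the upstream patch: a textbook DSA signer over constructed toy parameters that discards any attempt where r or s is zero, plus a verifier that range-checks both values. The parameters, key, hash, nonce list and all function names are assumptions made for illustration.

```javascript
// Textbook DSA over constructed toy parameters (far too small for real use).
const P = 23n, Q = 11n, G = 4n;           // G has order Q modulo P

const mod = (a, m) => ((a % m) + m) % m;

function modPow(base, exp, m) {
  let result = 1n;
  base = mod(base, m);
  while (exp > 0n) {
    if (exp & 1n) result = (result * base) % m;
    base = (base * base) % m;
    exp >>= 1n;
  }
  return result;
}

// Inverse modulo the prime Q via Fermat's little theorem.
const invQ = (a) => modPow(a, Q - 2n, Q);

// One signing attempt with nonce k; the result may have r = 0 or s = 0.
function signOnce(x, h, k) {
  const r = mod(modPow(G, k, P), Q);
  const s = mod(invQ(k) * (h + x * r), Q);
  return { r, s };
}

// Hardened signer: reject a zero r or s and draw a fresh nonce.
// nextK is a hypothetical nonce source, injected so the run is reproducible.
function signWithRetry(x, h, nextK, maxAttempts = 16) {
  for (let i = 0; i < maxAttempts; i++) {
    const sig = signOnce(x, h, nextK());
    if (sig.r !== 0n && sig.s !== 0n) return sig;
  }
  throw new Error("no valid signature within attempt limit");
}

// Verifier: range-check r and s before doing any arithmetic with them.
function verify(y, h, { r, s }) {
  if (r <= 0n || r >= Q || s <= 0n || s >= Q) return false;
  const w = invQ(s);
  const v = mod((modPow(G, mod(h * w, Q), P) * modPow(y, mod(r * w, Q), P)) % P, Q);
  return v === r;
}

function demo() {
  const x = 3n, h = 10n;                  // constructed private key and message hash
  const y = modPow(G, x, P);              // matching public key
  const nonces = [1n, 2n];                // constructed: k = 1 yields s = 0 for this h
  const bad = signOnce(x, h, 1n);         // what a signer without the retry would emit
  const good = signWithRetry(x, h, () => nonces.shift());
  return { bad, good, badAccepted: verify(y, h, bad), goodAccepted: verify(y, h, good) };
}
```

In production the nonce source must be a CSPRNG or a deterministic scheme such as RFC 6979; the fixed list here exists only to make the zero case reproducible.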
Details
- CWE(s)