Cyber Resilience

CVE-2026-4601

HighPublic PoCUpdated

Published: 23 March 2026

Published
23 March 2026
Modified
30 June 2026
KEV Added
Patch
CVSS Score v4 8.8 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:H/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0022 12.1th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-4601 is a high-severity Missing Cryptographic Step (CWE-325) vulnerability in Kjur Jsrsasign. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 12.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-4601 affects versions of the jsrsasign JavaScript package prior to 11.1.1, specifically in the KJUR.crypto.DSA.signWithMessageHash process within its DSA signing implementation. The vulnerability stems from a missing cryptographic step (CWE-325), where the library fails to retry signature generation upon producing an invalid signature. This allows an attacker to recover the private key by manipulating the process to force the r or s value in the signature to zero, enabling straightforward mathematical solving for the private key from the emitted invalid signature.

A remote attacker with no privileges or user interaction required can exploit this over the network, though it demands high attack complexity and results in a scope change. Successful exploitation grants high confidentiality and integrity impacts, primarily through private key recovery, which could compromise DSA-based signatures and enable forgery or decryption in affected applications relying on jsrsasign for cryptographic operations.

Advisories and patches, including the fix in jsrsasign commit 0710e392ec35de697ce11e4219c988ba2b5fe0eb and pull request 645, recommend updating to version 11.1.1 or later to address the issue by ensuring proper retry logic for invalid signatures. Snyk's vulnerability report (SNYK-JS-JSRSASIGN-15370941) details the flaw, while a GitHub Gist provides additional technical context on the exploit mechanics.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

Versions of the package jsrsasign before 11.1.1 are vulnerable to Missing Cryptographic Step via the KJUR.crypto.DSA.signWithMessageHash process in the DSA signing implementation. An attacker can recover the private key by forcing r or s to be zero, so the library…

more

emits an invalid signature without retrying, and then solves for x from the resulting signature.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1552.004 Private Keys Credential Access
Adversaries may search for private key certificate files on compromised systems for insecurely stored credentials.
Why these techniques?

Remote network exploitation of the DSA implementation flaw in a library used by applications directly maps to public-facing app exploitation (T1190); successful private key recovery from invalid signatures matches unsecured credential access for private keys (T1552.004).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-41395Shared CWE-325
CVE-2026-22863Shared CWE-325
CVE-2025-47383Shared CWE-325
CVE-2026-4258Shared CWE-325

Affected Assets

kjur
jsrsasign
≤ 11.1.1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

preventrecover

Directly mitigates CVE-2026-4601 by requiring timely identification, reporting, and patching of the DSA signing flaw in jsrsasign to version 11.1.1 or later.

prevent

Requires cryptographic protections using vetted modules and mechanisms, preventing reliance on flawed implementations like vulnerable jsrsasign DSA signing that expose private keys.

detect

Enables detection of CVE-2026-4601 in jsrsasign through vulnerability scanning, facilitating proactive remediation of the private key recovery vulnerability.

References