What is CVE-2026-4599?

CVE-2026-4599 is a critical-severity vulnerability in Jsrsasign, classified under CWE-1023. CVSS score: 9.1/10. Published 2026-03-23.

How severe is CVE-2026-4599?

Critical severity. CVSS v3 base score is 9.1 out of 10.

Vulnerability in Jsrsasign

CVE-2026-4599

Versions of the package jsrsasign from 7.0.0 and before 11.1.1 are vulnerable to Incomplete Comparison with Missing Factors via the getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax functions in src/crypto-1.1.js; an attacker ca…

EPSS: 0.001 (18.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.1 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N.

Affected products

N/a Jsrsasign — versions 7.0.0

Weakness classification (CWE)

CWE-1023

References

security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370939
gist.github.com/Kr0emer/081681818b51605c91945126d74b4f20
github.com/kjur/jsrsasign/pull/647
github.com/kjur/jsrsasign/commit/ee4b013478366cb16cea9a4bdfb218b6077f83b1

Frequently asked questions

What is CVE-2026-4599?: CVE-2026-4599 is a critical-severity vulnerability in Jsrsasign, classified under CWE-1023. CVSS score: 9.1/10. Published 2026-03-23.
How severe is CVE-2026-4599?: Critical severity. CVSS v3 base score is 9.1 out of 10.