What is CVE-2026-4601?

CVE-2026-4601 is a high-severity vulnerability in Jsrsasign_project Jsrsasign, classified under Missing Cryptographic Step. CVSS score: 8.7/10. Published 2026-03-23.

How severe is CVE-2026-4601?

High severity. CVSS v3 base score is 8.7 out of 10.

Vulnerability in Jsrsasign_project Jsrsasign

CVE-2026-4601

Versions of the package jsrsasign before 11.1.1 are vulnerable to Missing Cryptographic Step via the KJUR.crypto.DSA.signWithMessageHash process in the DSA signing implementation. An attacker can recover the private key by forcing r or s t…

EPSS: 0.000 (6.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.7 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N.

Affected products

Jsrsasign_project Jsrsasign
N/a Jsrsasign — versions 0

Weakness classification (CWE)

CWE-325 — Missing Cryptographic Step

References

report@snyk.io (Third Party Advisory)
report@snyk.io (Exploit, Third Party Advisory, Mitigation)
report@snyk.io (Issue Tracking)
report@snyk.io (Patch)

Frequently asked questions

What is CVE-2026-4601?: CVE-2026-4601 is a high-severity vulnerability in Jsrsasign_project Jsrsasign, classified under Missing Cryptographic Step. CVSS score: 8.7/10. Published 2026-03-23.
How severe is CVE-2026-4601?: High severity. CVSS v3 base score is 8.7 out of 10.