What is CVE-2026-4602?

CVE-2026-4602 is a high-severity vulnerability in Jsrsasign, classified under Incorrect Conversion between Numeric Types. CVSS score: 7.5/10. Published 2026-03-23.

How severe is CVE-2026-4602?

High severity. CVSS v3 base score is 7.5 out of 10.

Vulnerability in Jsrsasign

CVE-2026-4602

Versions of the package jsrsasign before 11.1.1 are vulnerable to Incorrect Conversion between Numeric Types due to handling negative exponents in ext/jsbn2.js. An attacker can force the computation of incorrect modular inverses and break…

EPSS: 0.001 (23.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P.

Affected products

N/a Jsrsasign — versions 0

Weakness classification (CWE)

CWE-681 — Incorrect Conversion between Numeric Types

References

security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15371175
gist.github.com/Kr0emer/7ecd2be7d17419e4677315ef3758faf5
github.com/kjur/jsrsasign/pull/650
github.com/kjur/jsrsasign/commit/5ea1c32bb2aa894b4bd29849839afe4f98728195

Frequently asked questions

What is CVE-2026-4602?: CVE-2026-4602 is a high-severity vulnerability in Jsrsasign, classified under Incorrect Conversion between Numeric Types. CVSS score: 7.5/10. Published 2026-03-23.
How severe is CVE-2026-4602?: High severity. CVSS v3 base score is 7.5 out of 10.