What is CVE-2026-4603?

CVE-2026-4603 is a medium-severity vulnerability in Jsrsasign_project Jsrsasign, classified under Divide By Zero. CVSS score: 5.9/10. Published 2026-03-23.

How severe is CVE-2026-4603?

Medium severity. CVSS v3 base score is 5.9 out of 10.

Vulnerability in Jsrsasign_project Jsrsasign

CVE-2026-4603

Versions of the package jsrsasign before 11.1.1 are vulnerable to Division by zero due to the RSASetPublic/KEYUTIL parsing path in ext/rsa.js and the BigInteger.modPowInt reduction logic in ext/jsbn.js. An attacker can force RSA public-key…

EPSS: 0.000 (1.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.9 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L.

Affected products

Jsrsasign_project Jsrsasign
N/a Jsrsasign — versions 0

Weakness classification (CWE)

CWE-369 — Divide By Zero

References

report@snyk.io (Third Party Advisory)
report@snyk.io (Exploit, Third Party Advisory, Mitigation)
report@snyk.io (Patch)
report@snyk.io (Issue Tracking)

Frequently asked questions

What is CVE-2026-4603?: CVE-2026-4603 is a medium-severity vulnerability in Jsrsasign_project Jsrsasign, classified under Divide By Zero. CVSS score: 5.9/10. Published 2026-03-23.
How severe is CVE-2026-4603?: Medium severity. CVSS v3 base score is 5.9 out of 10.