jsrsasign DSA Signing Vulnerability (CVE-2026-4601)
jsrsasign versions before 11.1.1 omit a cryptographic step in the DSA signing implementation, which allows an attacker to recover the private key by manipulating the signature generation process.
A vulnerability exists in jsrsasign versions prior to 11.1.1, specifically within the KJUR.crypto.DSA.signWithMessageHash function used for DSA signing. This flaw, identified as CVE-2026-4601, stems from a missing cryptographic step during signature generation. An attacker can exploit this by manipulating the process to force either the 'r' or 's' component of the signature to be zero. When this occurs, the library generates an invalid signature without retrying, which then allows the attacker…
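The step described above as missing is the one FIPS 186-4 requires of a DSA signer: discard the attempt and draw a new nonce k whenever r or s comes out as zero. The following is an added illustration, not jsrsasign's code or part of the advisory; it uses toy parameters (p=23, q=11, g=4), a constructed private key, hash value and nonce sequence, and hypothetical function names.

```javascript
// Added example: toy DSA over constructed parameters; not jsrsasign code.
const P = 23n, Q = 11n, G = 4n;     // g has order q modulo p
const X = 7n;                       // constructed private key
const mod = (a, m) => ((a % m) + m) % m;

function modPow(b, e, m) {
  let r = 1n; b = mod(b, m);
  for (; e > 0n; e >>= 1n, b = (b * b) % m) if (e & 1n) r = (r * b) % m;
  return r;
}
const modInv = (a, m) => modPow(a, m - 2n, m);   // valid because m is prime here
const Y = modPow(G, X, P);                       // public key

// One signing attempt with a given nonce k; performs no validity check on r or s.
function signOnce(h, k) {
  const r = modPow(G, k, P) % Q;
  const s = mod(modInv(k, Q) * (h + X * r), Q);
  return { r, s };
}

// Signing with the required check: retry with a fresh k when r or s is 0.
function signWithRetry(h, nextK) {
  for (let attempts = 1; ; attempts++) {
    const { r, s } = signOnce(h, nextK());
    if (r !== 0n && s !== 0n) return { r, s, attempts };
  }
}

// Verifier-side range check (0 < r < q and 0 < s < q) before any other math.
function verify(h, { r, s }) {
  if (r <= 0n || r >= Q || s <= 0n || s >= Q) return false;
  const w = modInv(s, Q);
  const v = mod(modPow(G, mod(h * w, Q), P) * modPow(Y, mod(r * w, Q), P), P) % Q;
  return v === r;
}

// Constructed hash value and nonce sequence chosen so the first attempt yields s = 0.
function demo() {
  const ks = [1n, 2n];
  const h = 5n;
  const unchecked = signOnce(h, ks[0]);                 // what a signer without the check emits
  const checked = signWithRetry(h, () => ks.shift());   // second nonce is used instead
  return { unchecked, checked, ok: verify(h, checked), rejected: !verify(h, unchecked) };
}
```

A production signer draws k from a CSPRNG; the fixed sequence here exists only to make the zero case reproducible.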
Detection coverage 2
Detect jsrsasign DSA Vulnerability Attempt via User-Agent
high: Detects attempts to exploit the jsrsasign DSA vulnerability (CVE-2026-4601) by looking for specific patterns in the User-Agent header.
Detect jsrsasign DSA Vulnerability Attempt via HTTP Request
critical: Detects attempts to exploit the jsrsasign DSA vulnerability (CVE-2026-4601) by looking for specific patterns in the HTTP request.