Product
critical
advisory
jsrsasign DSA Nonce Bias Vulnerability (CVE-2026-4599)
2 rules 1 TTPjsrsasign versions 7.0.0 through 11.1.1 are vulnerable to a DSA nonce bias due to incomplete comparison checks in the getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax functions, potentially allowing an attacker to recover the private key.
jsrsasign
DSA
nonce-bias
cryptography
CVE-2026-4599
2r
1t
critical
advisory
jsrsasign DSA Signature Forgery Vulnerability (CVE-2026-4600)
2 rules 1 TTPThe jsrsasign package before version 11.1.1 is vulnerable to cryptographic signature forgery (CVE-2026-4600) due to improper DSA domain-parameter validation, allowing attackers to forge DSA signatures or X.509 certificates, potentially leading to unauthorized access or code execution.
jsrsasign
signature-forgery
dsa
cve-2026-4600
2r
1t