{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/dsa/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["jsrsasign","dsa","missing-cryptographic-step","CVE-2026-4601"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA vulnerability exists in jsrsasign versions prior to 11.1.1, specifically within the \u003ccode\u003eKJUR.crypto.DSA.signWithMessageHash\u003c/code\u003e function used for DSA signing. This flaw, identified as CVE-2026-4601, stems from a missing cryptographic step during signature generation. An attacker can exploit this by manipulating the process to force either the \u0026lsquo;r\u0026rsquo; or \u0026rsquo;s\u0026rsquo; component of the signature to be zero. When this occurs, the library generates an invalid signature without retry, which then allows the attacker…\u003c/p\u003e\n","date_modified":"2026-03-23T06:16:21Z","date_published":"2026-03-23T06:16:21Z","id":"/briefs/2026-03-jsrsasign-dsa/","summary":"jsrsasign versions before 11.1.1 are vulnerable to a missing cryptographic step in the DSA signing implementation, allowing an attacker to recover the private key by manipulating the signature generation process.","title":"jsrsasign DSA Signing Vulnerability (CVE-2026-4601)","url":"https://feed.craftedsignal.io/briefs/2026-03-jsrsasign-dsa/"}],"language":"en","title":"CraftedSignal Threat Feed — Dsa","version":"https://jsonfeed.org/version/1.1"}