LeakyCreds

CVE-2026-4598 - Vulnerability Analysis

High | CVSS: 7.5

Last Updated: March 23, 2026

jsrsasign - Denial of Service

Published: March 23, 2026 | Updated: March 23, 2026 | PoC Available | Remote Exploitable

Overview

jsrsasign < 11.1.1 contains an infinite loop vulnerability caused by improper handling of zero or negative inputs in the BigInteger.modInverse function in ext/jsbn2.js. An attacker can hang the process permanently; exploitation requires crafted input values.

Severity & Score

Severity: High
CVSS Score: 7.5
EPSS Score: 4.2% (Probability of exploitation in next 30 days)

Impact

Attackers can cause the process to hang indefinitely, resulting in denial of service.

Mitigation

Update to version 11.1.1 or later.
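
For code that passes untrusted numbers to a modular inverse, the zero and negative cases named in the Overview can be rejected before any loop runs. The following is an added example, not jsrsasign's code or its fix; it uses native BigInt, and the names `parseNonNegative` and `safeModInverse` and the decimal-string input format are assumptions.

```javascript
// Added example, not jsrsasign code. Uses native BigInt only.
// Assumption: untrusted operands arrive as decimal strings.

// Parse an untrusted decimal string strictly; reject signs, hex, whitespace
// and oversized values before any arithmetic happens.
function parseNonNegative(text) {
  if (typeof text !== "string" || !/^[0-9]{1,1024}$/.test(text)) {
    throw new RangeError("operand must be a non-negative decimal integer");
  }
  return BigInt(text);
}

// Extended Euclid with a strictly decreasing remainder, so the loop
// terminates for every validated input. Returns null when no inverse exists.
function safeModInverse(aText, mText) {
  const m = parseNonNegative(mText);
  if (m < 2n) throw new RangeError("modulus must be at least 2");
  const a = parseNonNegative(aText) % m;
  if (a === 0n) return null; // zero has no inverse
  let [r0, r1] = [m, a];
  let [t0, t1] = [0n, 1n];
  while (r1 !== 0n) {
    const q = r0 / r1;
    [r0, r1] = [r1, r0 - q * r1];
    [t0, t1] = [t1, t0 - q * t1];
  }
  if (r0 !== 1n) return null; // gcd(a, m) != 1
  return ((t0 % m) + m) % m; // normalize into [0, m)
}

// Constructed sample inputs: valid, zero operand, negative operand,
// zero modulus, and a non-coprime pair.
function demo() {
  const cases = [["3", "11"], ["0", "11"], ["-3", "11"], ["3", "0"], ["4", "8"]];
  return cases.map(([a, m]) => {
    try {
      const inv = safeModInverse(a, m);
      return inv === null ? "no inverse" : inv.toString();
    } catch (e) {
      return "rejected";
    }
  });
}
console.log(demo());
```
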

Social Media Activity (4 posts)

TheHackerWire
@thehackerwire
Mar 23, 2026

🟠 CVE-2026-4598 - High (7.5) Versions of the package jsrsasign before 11.1.1 are vulnerable to Infinite loop via the bnModInverse function in ext/jsbn2.js when the BigInteger.modInverse implementation receives zero or negative inputs, allowing an attacker to hang the process ... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4598/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Details

CVE ID: CVE-2026-4598
Severity: High
CVSS Score: 7.5
Type: undefined
Status: confirmed
EPSS: 4.2%
Social Posts: 4

CWE

  • CWE-835

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score

4.2% (Probability of exploitation in the next 30 days)