LeakyCreds

CVE-2026-4601 - Vulnerability Analysis

High | CVSS: 8.7

Last Updated: March 23, 2026

jsrsasign - Weak Cryptography

Published: March 23, 2026 | Updated: March 23, 2026 | Remote Exploitable

Overview

jsrsasign versions before 11.1.1 omit a required cryptographic step in the DSA signing implementation: zero values are handled improperly, so an attacker can recover the private key by forcing r or s to zero. Exploitation requires crafted signature inputs.

Severity & Score

Severity: High
CVSS Score: 8.7
EPSS Score: 0.0% (Probability of exploitation in next 30 days)

Impact

Attackers can recover private keys, compromising cryptographic security and enabling signature forgery.

Mitigation

Update to version 11.1.1 or later.

Social Media Activity (4 posts)

Offensive Sequence
@offseq
Mar 23, 2026

🛡️ CVE-2026-4601: CRITICAL bug in jsrsasign <11.1.1 misses a vital DSA signing step, letting attackers recover private keys if exploited. No active attacks yet, but update ASAP! Details: https://radar.offseq.com/threat/cve-2026-4601-missing-cryptographic-step-in-jsrsas-1b19c447 #OffSeq #CVE20264601 #Crypto #Vuln

TheHackerWire
@thehackerwire
Mar 23, 2026

🟠 CVE-2026-4601 - High (8.7) Versions of the package jsrsasign before 11.1.1 are vulnerable to Missing Cryptographic Step via the KJUR.crypto.DSA.signWithMessageHash process in the DSA signing implementation. An attacker can recover the private key by forcing r or s to be zer... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4601/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

Details

CVE ID: CVE-2026-4601
Severity: High
CVSS Score: 8.7
Type: weak_cryptography
Status: new
EPSS: 0.0%
Social Posts: 4

CWE

  • CWE-325

CVSS Metrics

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

EPSS Score

0.0% (Probability of exploitation in the next 30 days)