LeakyCreds

CVE-2026-4602 - Vulnerability Analysis

High, CVSS: 7.5

Last Updated: March 23, 2026

jsrsasign - Cryptographic Signature Bypass

Published: March 23, 2026 | Updated: March 23, 2026 | PoC Available | Remote Exploitable

Overview

jsrsasign versions before 11.1.1 contain an incorrect conversion between numeric types in the handling of negative exponents in ext/jsbn2.js. An attacker can force the computation of incorrect modular inverses and thereby break signature verification. Exploitation requires modPow to be called with a negative exponent.

Severity & Score

Severity: High
CVSS Score: 7.5
EPSS Score: 4.2% (Probability of exploitation in next 30 days)

Impact

Attackers can break signature verification, potentially allowing forgery or bypass of cryptographic protections.

Mitigation

Update jsrsasign to version 11.1.1 or later.

Social Media Activity (4 posts)

TheHackerWire
@thehackerwire
Mar 23, 2026

🟠 CVE-2026-4602 - High (7.5) Versions of the package jsrsasign before 11.1.1 are vulnerable to Incorrect Conversion between Numeric Types due to handling negative exponents in ext/jsbn2.js. An attacker can force the computation of incorrect modular inverses and break signatur... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4602/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Details

CVE ID: CVE-2026-4602
Severity: High
CVSS Score: 7.5
Status: confirmed
EPSS: 4.2%
Social Posts: 4

CWE

  • CWE-681

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score

4.2% (Probability of exploitation in the next 30 days)