Bn.Js · Bn.Js · CVE-2026-2739
**Name of the Vulnerable Software and Affected Versions**
bn.js versions prior to 5.2.3
**Description**
The bn.js package is susceptible to a state corruption issue. Calling the `maskn(0)` function on any BN instance corrupts the internal state. This corruption causes methods like `toString()`, `divmod()`, and others to enter an infinite loop, resulting in a process hang.
**Recommendations**
Update bn.js to version 5.2.3 or later.