PT-2026-27056 · Jsrsasign · Jsrsasign

Kr0Emer · Published 2026-03-23 · Updated 2026-03-28 · CVE-2026-4600

CVSS v3.1: 9.1 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: jsrsasign versions prior to 11.1.1

Description: The software is susceptible to an issue involving improper verification of cryptographic signatures. This occurs due to inadequate validation of domain parameters within the DSA (Digital Signature Algorithm) implementation, specifically in the KJUR.crypto.DSA.setPublic function and related X509 verification processes in src/dsa-2.0.js. An attacker can exploit this by providing malicious domain parameters, such as setting g and y to 1 and r to 1, which allows the forging of DSA signatures or X.509 certificates that the X509.verifySignature() function will incorrectly accept.

Recommendations: Update jsrsasign to version 11.1.1 or later.
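
The kind of domain-parameter validation the description says was missing can be sketched as below. This is an added example, not jsrsasign code and not the project's fix: the function names are hypothetical, the toy parameters are constructed, and it assumes the usual DSA range and subgroup-order checks with primality of p and q tested elsewhere.

```javascript
// Added example: DSA public-key and signature sanity checks using BigInt.
// All names are hypothetical; this is not jsrsasign code.

function modPow(base, exp, mod) {
  let result = 1n;
  base %= mod;
  while (exp > 0n) {
    if (exp & 1n) result = (result * base) % mod;
    base = (base * base) % mod;
    exp >>= 1n;
  }
  return result;
}

// Returns a list of problems; an empty list means the checks passed.
// Assumption: primality of p and q is tested elsewhere.
function checkDsaPublicParams({ p, q, g, y }) {
  if (p <= 3n || q <= 1n || q >= p) return ["p/q out of range"];
  const problems = [];
  if ((p - 1n) % q !== 0n) problems.push("q does not divide p-1");
  if (g < 2n || g > p - 1n) problems.push("g not in [2, p-1]");
  else if (modPow(g, q, p) !== 1n) problems.push("g^q mod p != 1");
  if (y < 2n || y > p - 2n) problems.push("y not in [2, p-2]");
  else if (modPow(y, q, p) !== 1n) problems.push("y^q mod p != 1");
  return problems;
}

// r and s must both lie in [1, q-1]. Note that r = 1 is inside this range,
// so this check alone does not catch a degenerate key; the parameter
// checks above are what reject g = 1 and y = 1.
function signatureInRange({ q, r, s }) {
  return r > 0n && r < q && s > 0n && s < q;
}

// Constructed toy parameters (far too small for real use): p = 23, q = 11, g = 4.
const good = { p: 23n, q: 11n, g: 4n, y: modPow(4n, 7n, 23n) };
const degenerate = { ...good, g: 1n, y: 1n };

console.log(checkDsaPublicParams(good));        // no problems
console.log(checkDsaPublicParams(degenerate));  // g and y both rejected
console.log(signatureInRange({ q: 11n, r: 1n, s: 5n }));
```

Running the parameter check when the key is loaded, before any signature is evaluated, means a certificate carrying such parameters is rejected regardless of the signature values it presents.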

Exploit

Fix

Improper Verification of Cryptographic Signature

Weakness Enumeration

Related Identifiers

CVE-2026-4600
GHSA-WVQX-V3F6-W8RH

Affected Products

Jsrsasign