CVE-2026-33894

Name of the Vulnerable Software and Affected Versions Forge versions prior to 1.4.0

Description Forge, a native implementation of Transport Layer Security in JavaScript, has a flaw in its RSASSA PKCS#1 v1.5 signature verification process. This issue allows attackers to forge signatures for keys with a low public exponent (e=3) by inserting “garbage” bytes within the ASN.1 structure. This enables a Bleichenbacher-style forgery. The issue is similar to a previously known issue but differs in how the extra bytes are added. Additionally, Forge does not enforce the minimum 8-byte padding requirement as defined by the specification, providing attackers with more space to construct forgeries. A proof-of-concept demonstrates that a forged signature can be created that is accepted by Forge but rejected by Node/OpenSSL. The vulnerability affects deployments using the default settings for key verification, specifically when parseAllDigestBytes is set to true.

Recommendations Update to Forge version 1.4.0 or later to address this vulnerability.