PT-2026-28558 · Unknown · Node-Forge

Corbanvilla +2 · Published 2026-03-26 · Updated 2026-05-18 · CVE-2026-33895

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions: Forge (also called node-forge) versions prior to 1.4.0

Description: Forge, a native implementation of Transport Layer Security in JavaScript, contains an issue in Ed25519 signature verification. Specifically, the verification process does not properly check if S is greater than L, potentially leading to signature forgery.

Recommendations: Update to version 1.4.0 or later.

Exploit

Fix

Improper Verification of Cryptographic Signature

Weakness Enumeration

Related Identifiers

CLEANSTART-2026-BE61221
CVE-2026-33895
GHSA-Q67F-28XG-22RW

Affected Products

Node-Forge