Sign In

CVE-2026-2739

ADVISORY - github

Summary

This affects versions of the package bn.js before 5.2.3. Calling maskn(0) on any BN instance corrupts the internal state, causing toString(), divmod(), and other methods to enter an infinite loop, hanging the process indefinitely.

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')

ADVISORY - github

CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')

ADVISORY - redhat

CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')

Impacted images

Advisories

NIST

CREATED

UPDATED

ADVISORY IDCVE-2026-2739
EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-835

CVSS SCORE

5.5medium

GitHub

CREATED

UPDATED

ADVISORY IDGHSA-378v-28hj-76wf
EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-835

CVSS SCORE

5.5medium

Red Hat

CREATED

UPDATED

ADVISORY IDCVE-2026-2739
EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-835

CVSS SCORE

5.3medium