CVE-2026-4598

ADVISORY - github

Summary

Versions of the package jsrsasign before 11.1.1 are vulnerable to Infinite loop via the bnModInverse function in ext/jsbn2.js when the BigInteger.modInverse implementation receives zero or negative inputs, allowing an attacker to hang the process permanently by supplying such crafted values (e.g., modInverse(0, m) or modInverse(-1, m)).

EPSS Score⁠: 0.00051 (0.158)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-835⁠

Loop with Unreachable Exit Condition ('Infinite Loop')

ADVISORY - github

CWE-835⁠

Loop with Unreachable Exit Condition ('Infinite Loop')

ADVISORY - redhat

CWE-1287⁠

Improper Validation of Specified Type of Input

Impacted images

Advisories

NIST

CREATED

8 days ago

UPDATED

8 days ago

ADVISORY IDCVE-2026-4598⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

7.7high

GitHub

CREATED

8 days ago

UPDATED

2 days ago

ADVISORY IDGHSA-8g7p-jf3g-gxcp⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

7.7high

Red Hat

CREATED

8 days ago

UPDATED

8 days ago

ADVISORY IDCVE-2026-4598⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

7.5high