Sign In

CVE-2026-4598

ADVISORY - github

Summary

Versions of the package jsrsasign before 11.1.1 are vulnerable to Infinite loop via the bnModInverse function in ext/jsbn2.js when the BigInteger.modInverse implementation receives zero or negative inputs, allowing an attacker to hang the process permanently by supplying such crafted values (e.g., modInverse(0, m) or modInverse(-1, m)).

EPSS Score: 0.00051 (0.158)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')

ADVISORY - github

CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')

ADVISORY - redhat

CWE-1287

Improper Validation of Specified Type of Input

Impacted images

Advisories
Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.

Sign in