CVE-2026-4602

ADVISORY - github

Summary

Versions of the package jsrsasign before 11.1.1 are vulnerable to Incorrect Conversion between Numeric Types due to handling negative exponents in ext/jsbn2.js. An attacker can force the computation of incorrect modular inverses and break signature verification by calling modPow with a negative exponent.

EPSS Score⁠: 0.00051 (0.158)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-681⁠

Incorrect Conversion between Numeric Types

ADVISORY - github

CWE-681⁠

Incorrect Conversion between Numeric Types

ADVISORY - redhat

CWE-681⁠

Incorrect Conversion between Numeric Types

Impacted images

Advisories

NIST

CREATED

8 days ago

UPDATED

8 days ago

ADVISORY IDCVE-2026-4602⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

7.7high

GitHub

CREATED

8 days ago

UPDATED

15 hours ago

ADVISORY IDGHSA-8qwj-4jxw-m8jw⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

7.7high

Red Hat

CREATED

8 days ago

UPDATED

8 days ago

ADVISORY IDCVE-2026-4602⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

7.5high