Security Advisory

CVE-2026-4598

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-03-23 05:00:11

Last updated 2026-03-23 14:37:09

Assigner snyk

State PUBLISHED

Description

Versions of the package jsrsasign before 11.1.1 are vulnerable to Infinite loop via the bnModInverse function in ext/jsbn2.js when the BigInteger.modInverse implementation receives zero or negative inputs, allowing an attacker to hang the process permanently by supplying such crafted values (e.g., modInverse(0, m) or modInverse(-1, m)).

← Browse all CVEs View on cve.org ↗