Description
RSASSA PKCS#1 v1.5 signature verification accepts forged signatures for low public exponent keys (e=3). Attackers can forge signatures by stuffing “garbage” bytes within the ASN structure in order to construct a signature that passes verification, enabling Bleichenbacher style forgery.
Recommendation
Update the node-forge package to the latest compatible version. Followings are version details:
- Affected version(s): < 1.4.0
- Patched version(s): 1.4.0
References
- GHSA-ppp5-5v6c-4jwp
- datatracker.ietf.org
- mailarchive.ietf.org
- www.rfc-editor.org
- CVE-2026-33894
- CWE-20
- CWE-347
- CAPEC-310
- OWASP 2021-A2
- OWASP 2021-A3
- OWASP 2021-A6
Related Issues
- Forge has signature forgery in Ed25519 due to missing S > L check - CVE-2026-33895
- Forge has a basicConstraints bypass in its certificate chain verification (RFC 5280 violation) - CVE-2026-33896
- node-forge has an Interpretation Conflict vulnerability via its ASN.1 Validator Desynchronization - CVE-2025-12816
- node-forge has ASN.1 Unbounded Recursion - CVE-2025-66031
- Tags:
- npm
- node-forge
Anything's wrong? Let us know Last updated on March 27, 2026