jsrsasign: Negative Exponent Handling Leads to Signature Verification Bypass

Severity:: High

Description

Versions of the package jsrsasign before 11.1.1 are vulnerable to Incorrect Conversion between Numeric Types due to handling negative exponents in ext/jsbn2.js. An attacker can force the computation of incorrect modular inverses and break signature verification by calling modPow with a negative exponent.

Recommendation

Update the jsrsasign package to the latest compatible version. Followings are version details:

Affected version(s): < 11.1.1
Patched version(s): 11.1.1

References

GHSA-8qwj-4jxw-m8jw
security.snyk.io
CVE-2026-4602
CWE-681
CAPEC-310
OWASP 2021-A6

Related Issues

OpenLearnX: Critical Authentication Bypass via JWT Signature Verification Disabled Leading to Account Takeover - CVE-2026-44720
LiquidJS: memoryLimit Bypass through Negative Range Values Leads to Process Crash - CVE-2026-33285
Forge has a basicConstraints bypass in its certificate chain verification (RFC 5280 violation) - CVE-2026-33896
jsrsasign is vulnerable to DoS through Infinite Loop when processing zero or negative inputs - CVE-2026-4598

Apache and Express Path Traversal plus Nginx Restriction Bypass Tests with SmartScanner

10 Secure Coding Best Practices to Follow in Every Project

Update Cheat Sheet for Developers

Tags:: npm; jsrsasign

Anything's wrong? Let us know Last updated on March 30, 2026