CVE-2026-4600
Improper DSA Signature Verification in jsrsasign Before
Publication date: 2026-03-23
Last updated on: 2026-04-29
Assigner: Snyk
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| jsrsasign_project | jsrsasign | all versions before 11.1.1 (11.1.1 itself is fixed) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-347 | The product does not verify, or incorrectly verifies, the cryptographic signature for data. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-4600 is a critical vulnerability in the jsrsasign library affecting versions before 11.1.1. It arises from improper verification of DSA (Digital Signature Algorithm) domain parameters during public key import and signature verification. Specifically, the library fails to validate key parameters such as the generator parameter g and the public key y, allowing an attacker to supply malicious values like g=1 and y=1.
Because of this flaw, the signature verification equation always evaluates as true for any message hash when the forged signature uses a fixed r=1. This means an attacker can forge DSA signatures or X.509 certificates that the verification function accepts as valid, effectively enabling universal signature forgery without brute force or collision attacks.
The root cause is the lack of strict validation checks on the DSA domain parameters, which should ensure that 1 < g < p, g^q mod p = 1, and 1 < y < p. The vulnerability affects any application using jsrsasign for DSA signature or X.509 certificate verification, especially in scenarios where the signer provides their own public key and domain parameters.
How can this vulnerability impact me?
This vulnerability allows an attacker to forge digital signatures and X.509 certificates that will be accepted as valid by the jsrsasign library. This can lead to significant security breaches including unauthorized access, impersonation, and data integrity violations.
Because the verification equation always returns true for any hash with the malicious parameters, attackers can bypass cryptographic signature checks without needing to break the underlying cryptographic algorithms.
The impact includes compromise of confidentiality and integrity of systems relying on jsrsasign for DSA signature verification, especially in federated identity systems, JSON Web Signatures with embedded keys, or any 'bring your own key' verification flows.
The vulnerability can be exploited remotely without privileges or user interaction, although the attack complexity is high due to the need to bypass certain security measures. [1, 3, 4]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by identifying usage of vulnerable versions of the jsrsasign library (versions before 11.1.1) that do not validate DSA domain parameters properly.
Detection involves checking if the application uses jsrsasign for DSA signature or X.509 certificate verification, especially in scenarios where public keys and domain parameters are provided by external or untrusted sources.
Since the vulnerability arises from acceptance of malicious DSA domain parameters such as g=1, y=1, and r=1 in signatures, detection can include monitoring or logging signature verification failures or suspiciously accepted signatures with these parameters.
No specific network or system commands are provided in the resources, but you can audit your codebase or dependencies by running commands like:
- `npm list jsrsasign`
- `grep -r 'KJUR.crypto.DSA.setPublic' ./your_project_directory`
Additionally, you can review logs or implement custom validation checks to detect if any DSA signatures or certificates are accepted with suspicious domain parameters (e.g., g=1, y=1). [1, 3]
What immediate steps should I take to mitigate this vulnerability?
The primary and immediate mitigation step is to upgrade the jsrsasign library to version 11.1.1 or later, where the vulnerability has been fixed by enforcing strict validation of DSA domain parameters.
The fix includes validating that the DSA parameters satisfy:
- 1 < g < p
- g^q mod p = 1
- 1 < y < p
Any keys failing these checks are rejected, preventing the acceptance of forged signatures or certificates.
If upgrading immediately is not possible, consider implementing additional validation on DSA domain parameters in your application code to reject suspicious keys or signatures with parameters like g=1 or y=1.
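The following is an added example, not jsrsasign's own code: a plain Node.js DSA verifier (BigInt, no dependencies) guarded by the domain-parameter checks listed above, run against constructed toy parameters and against the degenerate g=1, y=1 key the advisory describes. The `q | p-1` and `y^q mod p == 1` checks are standard key-validation extras beyond the three the fix lists, and the toy primes, private key and signature values are constructed for illustration only.

```javascript
// Added example, not jsrsasign's own code: a plain-Node.js DSA verifier
// guarded by the domain-parameter checks that the 11.1.1 fix enforces.
// The q | p-1 and y^q mod p == 1 checks are standard extras (FIPS 186 key
// validation) beyond the three listed above. All values are BigInt.

function modPow(base, exp, mod) {            // square-and-multiply
  let r = 1n;
  for (base %= mod; exp > 0n; exp >>= 1n) {
    if (exp & 1n) r = (r * base) % mod;
    base = (base * base) % mod;
  }
  return r;
}

// Returns null if the key passes, else the name of the first failed check.
function validateDsaPublicKey({ p, q, g, y }) {
  if ((p - 1n) % q !== 0n) return "q does not divide p-1";
  if (!(g > 1n && g < p)) return "g out of range (1 < g < p)";
  if (modPow(g, q, p) !== 1n) return "g^q mod p != 1";
  if (!(y > 1n && y < p)) return "y out of range (1 < y < p)";
  if (modPow(y, q, p) !== 1n) return "y^q mod p != 1";
  return null;
}

// Textbook DSA verification of (r, s) over hash h; q is prime so s^-1 = s^(q-2).
function dsaVerifyUnchecked({ p, q, g, y }, h, r, s) {
  if (r <= 0n || r >= q || s <= 0n || s >= q) return false;
  const w = modPow(s, q - 2n, q);
  const u1 = (h * w) % q, u2 = (r * w) % q;
  const v = ((modPow(g, u1, p) * modPow(y, u2, p)) % p) % q;
  return v === r;
}

// Hardened entry point: reject degenerate keys before touching the equation.
function dsaVerify(key, h, r, s) {
  return validateDsaPublicKey(key) === null && dsaVerifyUnchecked(key, h, r, s);
}

// Constructed toy parameters (far too small for real use): p=23, q=11,
// g=4 (2^2 mod 23, so g^11 mod 23 = 1), private x=3, y=4^3 mod 23 = 18.
const goodKey = { p: 23n, q: 11n, g: 4n, y: 18n };
// The degenerate key the advisory describes: g=1, y=1.
const badKey = { p: 23n, q: 11n, g: 1n, y: 1n };

console.log(validateDsaPublicKey(badKey));           // "g out of range (1 < g < p)"
console.log(dsaVerifyUnchecked(badKey, 7n, 1n, 5n)); // true: r=1 passes for any h
console.log(dsaVerify(badKey, 7n, 1n, 5n));          // false: key rejected first
```

With the toy private key x=3 and nonce k=2, (r=5, s=1) is a genuine signature over h=9, so `dsaVerify(goodKey, 9n, 5n, 1n)` returns true while the same signature over h=10 fails.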
Also, audit your systems for any usage of vulnerable jsrsasign versions and avoid accepting untrusted public keys or certificates without proper validation.