CVE-2026-4600
Received Received - Intake
Improper DSA Signature Verification in jsrsasign Before

Publication date: 2026-03-23

Last updated on: 2026-04-29

Assigner: Snyk

Description
Versions of the package jsrsasign before 11.1.1 are vulnerable to Improper Verification of Cryptographic Signature via the DSA domain-parameter validation in KJUR.crypto.DSA.setPublic (and the related DSA/X509 verification flow in src/dsa-2.0.js). An attacker can forge DSA signatures or X.509 certificates that X509.verifySignature() accepts by supplying malicious domain parameters such as g=1, y=1, and a fixed r=1, which make the verification equation true for any hash.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-23
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-03-23
EPSS Evaluated
2026-06-14
NVD
CVE-2026-4600
EUVD
EUVD-2026-14375
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
jsrsasign_project jsrsasign to 11.1.1 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-347 The product does not verify, or incorrectly verifies, the cryptographic signature for data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-4600 is a critical vulnerability in the jsrsasign library affecting versions before 11.1.1. It arises from improper verification of DSA (Digital Signature Algorithm) domain parameters during public key import and signature verification. Specifically, the library fails to validate key parameters such as the generator parameter g and the public key y, allowing an attacker to supply malicious values like g=1 and y=1.

Because of this flaw, the signature verification equation always evaluates as true for any message hash when the forged signature uses a fixed r=1. This means an attacker can forge DSA signatures or X.509 certificates that the verification function accepts as valid, effectively enabling universal signature forgery without brute force or collision attacks.

The root cause is the lack of strict validation checks on the DSA domain parameters, which should ensure that 1 < g < p, g^q mod p = 1, and 1 < y < p. The vulnerability affects any application using jsrsasign for DSA signature or X.509 certificate verification, especially in scenarios where the signer provides their own public key and domain parameters.

Impact Analysis

[{'type': 'paragraph', 'content': 'This vulnerability allows an attacker to forge digital signatures and X.509 certificates that will be accepted as valid by the jsrsasign library. This can lead to significant security breaches including unauthorized access, impersonation, and data integrity violations.'}, {'type': 'paragraph', 'content': 'Because the verification equation always returns true for any hash with the malicious parameters, attackers can bypass cryptographic signature checks without needing to break the underlying cryptographic algorithms.'}, {'type': 'paragraph', 'content': "The impact includes compromise of confidentiality and integrity of systems relying on jsrsasign for DSA signature verification, especially in federated identity systems, JSON Web Signatures with embedded keys, or any 'bring your own key' verification flows."}, {'type': 'paragraph', 'content': 'The vulnerability can be exploited remotely without privileges or user interaction, although the attack complexity is high due to the need to bypass certain security measures.'}] [1, 3, 4]

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by identifying usage of vulnerable versions of the jsrsasign library (versions before 11.1.1) that do not validate DSA domain parameters properly.'}, {'type': 'paragraph', 'content': 'Detection involves checking if the application uses jsrsasign for DSA signature or X.509 certificate verification, especially in scenarios where public keys and domain parameters are provided by external or untrusted sources.'}, {'type': 'paragraph', 'content': 'Since the vulnerability arises from acceptance of malicious DSA domain parameters such as g=1, y=1, and r=1 in signatures, detection can include monitoring or logging signature verification failures or suspiciously accepted signatures with these parameters.'}, {'type': 'paragraph', 'content': 'No specific network or system commands are provided in the resources, but you can audit your codebase or dependencies by running commands like:'}, {'type': 'list_item', 'content': 'npm list jsrsasign'}, {'type': 'list_item', 'content': "grep -r 'KJUR.crypto.DSA.setPublic' ./your_project_directory"}, {'type': 'paragraph', 'content': 'Additionally, you can review logs or implement custom validation checks to detect if any DSA signatures or certificates are accepted with suspicious domain parameters (e.g., g=1, y=1).'}] [1, 3]

Mitigation Strategies

The primary and immediate mitigation step is to upgrade the jsrsasign library to version 11.1.1 or later, where the vulnerability has been fixed by enforcing strict validation of DSA domain parameters.

The fix includes validating that the DSA parameters satisfy:

  • 1 < g < p
  • g^q mod p = 1
  • 1 < y < p

Any keys failing these checks are rejected, preventing the acceptance of forged signatures or certificates.

If upgrading immediately is not possible, consider implementing additional validation on DSA domain parameters in your application code to reject suspicious keys or signatures with parameters like g=1 or y=1.

Also, audit your systems for any usage of vulnerable jsrsasign versions and avoid accepting untrusted public keys or certificates without proper validation.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-4600. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart