CVE-2026-49440
Undergoing Analysis Undergoing Analysis - In Progress
Deno Runtime Weak Prime Verification Flaw

Publication date: 2026-06-23

Last updated on: 2026-06-23

Assigner: GitHub, Inc.

Description
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.1, node:crypto.checkPrime(candidate[, options][, callback]) and crypto.checkPrimeSync(candidate[, options]) ran no Miller-Rabin rounds at all when the caller left options.checks at its default of 0. In that mode, the only test applied to the candidate was trial division by the primes up to 17,863. Any composite whose smallest prime factor exceeds that bound β€” for example the product of two primes just above it, such as 17,881 Γ— 17,891 β€” was reported as true ("probably prime"). The same divergence affected the lower-level op_node_check_prime / op_node_check_prime_bytes paths that the polyfill calls into. This vulnerability is fixed in 2.8.1.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-23
Last Modified
2026-06-23
Generated
2026-06-24
AI Q&A
2026-06-23
EPSS Evaluated
N/A
NVD
CVE-2026-49440
EUVD
EUVD-2026-38540
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
denoland deno to 2.8.1 (exc)
denoland deno 2.8.1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-325 The product does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than advertised by the algorithm.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

This vulnerability in Deno's crypto.checkPrime functions allowed composite numbers to be incorrectly identified as prime due to skipping Miller-Rabin rounds, which could lead to security failures in cryptographic operations such as key exchange or signature verification.

The issue stemmed from not enforcing the minimum number of Miller-Rabin rounds required by FIPS 186-4 standards, which are commonly referenced in compliance frameworks for cryptographic security.

By not adhering to these cryptographic standards, applications relying on these functions might fail to meet security requirements mandated by regulations like GDPR or HIPAA, which require strong cryptographic protections to ensure confidentiality and integrity of sensitive data.

The fix in version 2.8.1 enforces the minimum Miller-Rabin rounds as per FIPS 186-4, restoring compliance with these cryptographic standards and thereby supporting adherence to relevant regulatory requirements.

Executive Summary

The vulnerability in Deno versions 2.8.0 and earlier involves the `crypto.checkPrime` and `crypto.checkPrimeSync` functions, which are used to test if a number is prime. When the `checks` option was left at its default value of 0, the Miller-Rabin primality test was completely skipped. Instead, only a basic trial division by primes up to 17,863 was performed.

This means that composite numbers made from prime factors larger than 17,863 (for example, the product of two primes just above that limit) could be incorrectly identified as prime. This flaw arose because Deno's implementation did not apply a fallback number of Miller-Rabin rounds, unlike Node.js which uses OpenSSL's FIPS 186-4 compliant defaults.

The vulnerability was fixed in Deno version 2.8.1 by enforcing a minimum number of Miller-Rabin rounds to ensure proper probabilistic primality testing.

Impact Analysis

This vulnerability can impact applications that rely on Deno's `crypto.checkPrime` functions to validate prime numbers, especially in cryptographic operations such as key exchange or signature verification.

Because composite numbers could be falsely identified as prime, attackers might exploit this to introduce weak or invalid cryptographic keys, potentially compromising the confidentiality and integrity of secure communications or data.

The CVSS score of 7.4 (High) reflects significant risks to confidentiality and integrity, though availability is not affected.

Detection Guidance

This vulnerability relates to the incorrect behavior of the `crypto.checkPrime` and `crypto.checkPrimeSync` functions in Deno versions 2.8.0 and earlier, where the Miller-Rabin primality test was skipped if the `checks` option was left at its default of 0.

To detect if your system is vulnerable, you should check the version of Deno installed and whether your code or dependencies use the affected functions without specifying a sufficient number of Miller-Rabin rounds.

Suggested commands to detect the vulnerability include:

  • Run `deno --version` to verify if the installed version is 2.8.0 or earlier.
  • Search your codebase for usage of `crypto.checkPrime` or `crypto.checkPrimeSync` without a `checks` parameter or with `checks` set to 0.
  • If possible, run tests or scripts that call these functions with composite numbers that have prime factors just above 17,863 (e.g., 17,881 Γ— 17,891) to see if they are incorrectly identified as prime.
Mitigation Strategies

To mitigate this vulnerability immediately, you should upgrade Deno to version 2.8.1 or later, where the issue is fixed by enforcing a minimum number of Miller-Rabin rounds.

As a temporary workaround, if upgrading is not immediately possible, explicitly pass a `checks` value of at least 64 to the `crypto.checkPrime` and `crypto.checkPrimeSync` functions to ensure sufficient primality testing.

Review your cryptographic code paths to ensure they do not rely on the default `checks` value of 0, which skips the Miller-Rabin test.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-49440. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart