Forge has signature forgery in RSA-PKCS due to ASN.1 extra field

🗓️ 26 Mar 2026 22:02:35Reported by GitHub Advisory DatabaseType

RSA PKCS1 v1.5 forgery via extra ASN.1 field enables Bleichenbacher attack; padding not enforced.

Reporter	Title	Published	Views	Family All 59
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container operator and operands are vulnerable to arbitrary code execution, loss of confidentiality and denial of service	6 May 202613:05	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses node-forge-1.3.2.tgz, node-forge-1.3.3.tgz which is vulnerable to CVE-2026-33891, CVE-2026-33894, CVE-2026-33895, CVE-2026-33896	5 May 202612:43	–	ibm
IBM Security Bulletins	Security Bulletin: Due to use of node-forge-1.3.1.tgz, IBM Sterling Connect:Direct Web Services is affected by Denial of Service (DoS).	2 Jun 202612:04	–	ibm
ATTACKERKB	CVE-2026-33894	27 Mar 202620:45	–	attackerkb
Chainguard	CVE-2026-33894 vulnerabilities	31 Mar 202619:17	–	cgr
Circl	CVE-2026-33894	26 Mar 202622:02	–	circl
CNNVD	Digital Bazaar Forge 数据伪造问题漏洞	27 Mar 202600:00	–	cnnvd
CVE	CVE-2026-33894	27 Mar 202620:45	–	cve
Cvelist	CVE-2026-33894 Forge has signature forgery in RSA-PKCS due to ASN.1 extra field	27 Mar 202620:45	–	cvelist
NVD	CVE-2026-33894	27 Mar 202621:17	–	nvd

Vulners

Node

node-forgeRange<1.4.0npm

Source	Link
github	www.github.com/digitalbazaar/forge/security/advisories/GHSA-cfm4-qjh2-4765
github	www.github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp
datatracker	www.datatracker.ietf.org/doc/html/rfc2313
mailarchive	www.mailarchive.ietf.org/arch/msg/openpgp/5rnE9ZRN1AokBVj3VqblGlP63QE
rfc-editor	www.rfc-editor.org/rfc/rfc8017.html
nvd	www.nvd.nist.gov/vuln/detail/CVE-2026-33894
github	www.github.com/advisories/GHSA-ppp5-5v6c-4jwp

29 Mar 2026 21:41Current

6.7Medium risk

Vulners AI Score6.7

CVSS 3.17.5

EPSS0.00245

SSVC