CVE-2026-4601
CVE-2026-4601 affects jsrsasign versions before 11.1.1. The DSA signing path (KJUR.crypto.DSA.signWithMessageHash) suffers a Missing Cryptographic Step, enabling an attacker to recover the private key by forcing r or s to zero and obtaining an invalid signature to solve for x. Reported scores ind...