CVE-2026-4598

Versions of the package jsrsasign before 11.1.1 are vulnerable to Infinite loop via the bnModInverse function in ext/jsbn2.js when the BigInteger.modInverse implementation receives zero or negative inputs, allowing an attacker to hang the process permanently by supplying such crafted values e.g.,...

PT-2026-27058

Versions of the package jsrsasign before 11.1.1 are vulnerable to Incorrect Conversion between Numeric Types due to handling negative exponents in ext/jsbn2.js. An attacker can force the computation of incorrect modular inverses and break signature verification by calling modPow with a negative...

jsrsasign 安全漏洞

jsrsasign is a signature verification library developed by Kenji Urushima. Versions of jsrsasign prior to 11.1.1 contained security vulnerabilities. These vulnerabilities stemmed from numerical type conversion errors during the handling of negative exponents in the ext/jsbn2.js file, which could...

jsrsasign 安全漏洞

jsrsasign is a signature verification library developed by Kenji Urushima. Versions of jsrsasign prior to 11.1.1 contained security vulnerabilities. These vulnerabilities stemmed from the bnModInverse function in ext/jsbn2.js, which could cause infinite loops when processing zero or negative...