2 matches found
CVE-2026-4600
A flaw was found in jsrsasign. An attacker can exploit improper verification of cryptographic signatures by supplying malicious domain parameters during the Digital Signature Algorithm DSA validation process. This allows the attacker to forge DSA signatures or X.509 certificates, which would then...
CVE-2026-4600
Versions of the package jsrsasign before 11.1.1 are vulnerable to Improper Verification of Cryptographic Signature via the DSA domain-parameter validation in KJUR.crypto.DSA.setPublic and the related DSA/X509 verification flow in src/dsa-2.0.js. An attacker can forge DSA signatures or X.509...