CVE-2026-4599 | jsrsasign up to 11.1.0 Private Key src/crypto-1.1.js incomplete comparison with missing factors (SNYK-JS-JSRSASIGN-15370939)

A vulnerability categorized as critical has been discovered in jsrsasign up to 11.1.0. This affects the function getRandomBigIntegerZeroToMax/getRandomBigIntegerMinToMax of the file src/crypto-1.1.js of the component Private Key Handler. Executing a manipulation can lead to incomplete comparison with missing factors.

This vulnerability is handled as CVE-2026-4599. The attack can be executed remotely. There is not any exploit available.

It is advisable to upgrade the affected component.VulDB Recent EntriesRead More