Infinite Loop Vulnerability in jsrsasign by KJUR
CVE-2026-4598

8.7 HIGH

Key Information:

Vendor: KJUR

Status
Vendor
CVE Published: 23 March 2026

What is CVE-2026-4598?

Versions of the jsrsasign library prior to 11.1.1 contain a vulnerability in the bnModInverse function. When the function receives a zero or negative input, it enters an infinite loop. An attacker who can supply crafted values, such as modInverse(0, m) or modInverse(-1, m), can cause the process to hang indefinitely. Users of jsrsasign are advised to upgrade to the latest version to mitigate this risk.
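
The input handling this advisory turns on, as an added example (not jsrsasign's code and not its 11.1.1 fix): a stand-alone BigInt modular inverse that normalizes negative operands, rejects zero and non-coprime operands, and always terminates. The name safeModInverse and its error messages are assumptions made for this example.

```javascript
// Added example: stand-alone code, not taken from jsrsasign.
// safeModInverse is a hypothetical name chosen for this illustration.
function safeModInverse(a, m) {
  if (typeof a !== 'bigint' || typeof m !== 'bigint') {
    throw new TypeError('operands must be BigInt');
  }
  if (m <= 1n) {
    throw new RangeError('modulus must be greater than 1');
  }
  // Reduce the operand into [0, m). JavaScript's % keeps the sign of the
  // dividend, so add m before reducing again to handle negative values.
  const r = ((a % m) + m) % m;
  if (r === 0n) {
    // Covers 0, m, -m, ...: no inverse exists, so fail fast instead of looping.
    throw new RangeError('operand is congruent to 0 and has no inverse');
  }
  // Extended Euclid. rem is non-negative and strictly decreases on every
  // iteration, so the loop ends after O(log m) steps for any valid input.
  let [oldR, rem] = [m, r];
  let [oldT, t] = [0n, 1n];
  while (rem !== 0n) {
    const q = oldR / rem;
    [oldR, rem] = [rem, oldR - q * rem];
    [oldT, t] = [t, oldT - q * t];
  }
  if (oldR !== 1n) {
    throw new RangeError('operand and modulus are not coprime');
  }
  // oldT may be negative; return the representative in [0, m).
  return ((oldT % m) + m) % m;
}
```

Validating operands at the boundary where untrusted values enter, before any modular arithmetic runs, keeps a malformed value from reaching code that assumes positive inputs.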

Affected Version(s)

jsrsasign 0 < 11.1.1

CVSS V4

Score: 8.7
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Kr0emer