CVE-2026-4600
Versions of the package jsrsasign before 11.1.1 are vulnerable to Improper Verification of Cryptographic Signature via the DSA domain-parame
CVSS
7.4
Alto
EPSS
0.2%
p13
KEV
—
Exploit Today
4
0-100
Publicado: 23 mar 2026 · Última mod.: 15 jul 2026 · CWE-347
0.2%EPSS · 30 días0.2%
2026-06-302026-07-18
Versions of the package jsrsasign before 11.1.1 are vulnerable to Improper Verification of Cryptographic Signature via the DSA domain-parameter validation in KJUR.crypto.DSA.setPublic (and the related DSA/X509 verification flow in src/dsa-2.0.js). An attacker can forge DSA signatures or X.509 certificates that X509.verifySignature() accepts by supplying malicious domain parameters such as g=1, y=1, and a fixed r=1, which make the verification equation true for any hash.
- gist.github.comhttps://gist.github.com/Kr0emer/bf15ddc097176e951659a24a8e9002a7
- github.comhttps://github.com/kjur/jsrsasign/commit/37b4c06b145c7bfd6bc2a6df5d0a12c56b15ef60
- github.comhttps://github.com/kjur/jsrsasign/pull/646
- security.snyk.iohttps://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-15812268
- security.snyk.iohttps://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370940
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:19375
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:19409
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:19410
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:6568
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:6720
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:6912
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:6926
- access.redhat.comhttps://access.redhat.com/security/cve/CVE-2026-4600
- bugzilla.redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=2450208
- gist.github.comhttps://gist.github.com/Kr0emer/bf15ddc097176e951659a24a8e9002a7
- security.access.redhat.comhttps://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4600.json
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2026-4855810.0 CRÍ63.6%
KEV—69SimpleHelp Authentication Bypass Vulnerability18dCVE-2026-403729.1 CRÍ95.5%
——29Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network.4dCVE-2026-290009.1 CRÍ92.4%
——28pac4j-jwt versions prior to 4.5.9, 5.7.9, and 6.3.3 contain an authentication bypass vulnerability in JwtAuthenticator when processing encrypted JWTs that allows remote attackers to forge authentication tokens. Attackers who possess the server's RSA public key can create a JWE-wrapped PlainJWT with arbitrary subject and role claims, bypassing signature verification to authenticate as any user including administrators.4dCVE-2026-54733—56.1%
——17The Microsoft 365 and Microsoft Entra ID Plugins for Moodle provide Office 365 and Azure Active Directory integration for Moodle. Prior to 4.5.6, 5.0.5, and 5.1.1, the Microsoft Office 365 Integration plugin local_o365 Teams SSO endpoint sso_login.php base64-decodes a JWT payload and authenticates users from the upn claim without verifying the JWT signature, allowing an unauthenticated attacker to forge a token and obtain a Moodle session as an O365-authenticated user. This issue is fixed in versions 4.5.6, 5.0.5, and 5.1.1.2dCVE-2026-33387.5 ALT51.8%
——16Improper signature validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass signature verification when processing PKCS7 objects with Authenticated Attributes.
Customers of AWS services do not need to take action. Applications using AWS-LC should upgrade to AWS-LC version 1.69.0.4dCVE-2026-279629.1 CRÍ42.2%
——13Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a JWK Header Injection vulnerability in authlib's JWS implementation allows an unauthenticated attacker to forge arbitrary JWT tokens that pass signature verification. When key=None is passed to any JWS deserialization function, the library extracts and uses the cryptographic key embedded in the attacker-controlled JWT jwk header field. An attacker can sign a token with their own private key, embed the matching public key in the header, and have the server accept the forged token as cryptographically valid — bypassing authentication and authorization entirely. This issue has been patched in version 1.6.9.4d