Skip to main content
Meet us at Black Hat USA 2026— Las Vegas, August 1–6Book a Meeting
Mallory
Back to vulnerabilities
HighPublic exploit

Private key recovery in jsrsasign DSA signing

IdentifiersCVE-2026-4601CWE-325· Missing Cryptographic Step

CVE-2026-4601 affects jsrsasign versions before 11.1.1. The flaw is in the DSA signing implementation, specifically the KJUR.crypto.DSA.signWithMessageHash process. The implementation fails to perform the required retry step when the generated DSA signature component r or s is zero. Instead of discarding the invalid result and regenerating the per-signature value, the library emits an invalid signature. Under conditions where an attacker can force r or s to be zero, the resulting signature leaks enough information for the attacker to solve for the DSA private key x. This is a cryptographic implementation flaw caused by omission of a required validation/retry step during signature generation.

Share:
For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial
ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation can lead to recovery of the DSA private signing key used by the vulnerable jsrsasign implementation. Once the private key is recovered, an attacker can forge DSA signatures, impersonate the legitimate signer, and compromise the confidentiality and integrity of systems or data that rely on that key for trust decisions. The available information indicates high confidentiality and integrity impact, with no direct availability impact.

Mitigation

If you can’t patch tonight, do this now.

If immediate upgrade is not possible, avoid using the vulnerable DSA signing path in jsrsasign, especially KJUR.crypto.DSA.signWithMessageHash, and disable or replace DSA-based signing operations where feasible. Prefer alternative, unaffected signature algorithms and prevent untrusted parties from influencing the signing process or inputs in ways that could trigger the invalid-signature condition. As a precaution, monitor for suspicious signature activity and plan key rotation for DSA keys that may have been exposed.

Remediation

Patch, then assume compromise.

Upgrade jsrsasign to version 11.1.1 or later, which contains the fix for the DSA signing flaw. The referenced fix is associated with commit 0710e392ec35de697ce11e4219c988ba2b5fe0eb and related pull request #645. Any DSA private keys used with vulnerable versions should be treated as potentially compromised if exposed to exploitable conditions; rotate and replace affected keys after upgrading.
PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType
Jsrsasign ProjectJsrsasignapplication

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

8 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

8 SOURCESView more in app
What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.
Start free trial
Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity7

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES
MITRE CVE
cve.org · CVE-2026-4601
NVD
nvd.nist.gov/vuln/detail/CVE-2026-4601
MITRE CWE · CWE-325
Missing Cryptographic Step
Patch
github.com/kjur/jsrsasign/commit/0710e392ec35de697ce11e4219c988ba2b5fe0eb
Mitigation
gist.github.com/Kr0emer/93789fe6efe5519db9692d4ad1dad586
Third Party Advisory
security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370941
Issue Tracking
github.com/kjur/jsrsasign/pull/645