{ "threat_severity" : "Important", "public_date" : "2026-03-23T05:00:10Z", "bugzilla" : { "description" : "jsrsasign: jsrsasign: Signature verification bypass via negative exponent handling", "id" : "2450206", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2450206" }, "cvss3" : { "cvss3_base_score" : "7.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "status" : "verified" }, "cwe" : "CWE-681", "details" : [ "Versions of the package jsrsasign before 11.1.1 are vulnerable to Incorrect Conversion between Numeric Types due to handling negative exponents in ext/jsbn2.js. An attacker can force the computation of incorrect modular inverses and break signature verification by calling modPow with a negative exponent.", "A flaw was found in jsrsasign. A remote attacker can exploit an incorrect conversion between numeric types by providing a negative exponent to the `modPow` function. This vulnerability can force the computation of incorrect modular inverses, which ultimately allows an attacker to bypass signature verification." ], "statement" : "This is an IMPORTANT flaw. The `jsrsasign` library, as used in Red Hat products such as Migration Toolkit for Virtualization and Red Hat Quay, is vulnerable to a signature verification bypass. A remote attacker could provide a specially crafted negative exponent to the `modPow` function, leading to incorrect modular inverse computations and allowing them to bypass signature verification.", "affected_release" : [ { "product_name" : "Migration Toolkit for Virtualization 2.1", "release_date" : "2026-05-19T00:00:00Z", "advisory" : "RHSA-2026:19409", "cpe" : "cpe:/a:redhat:migration_toolkit_virtualization:2.10::el9", "package" : "migration-toolkit-virtualization/mtv-console-plugin-rhel9:1779139872" }, { "product_name" : "Migration Toolkit for Virtualization 2.9", "release_date" : "2026-05-19T00:00:00Z", "advisory" : "RHSA-2026:19410", "cpe" : "cpe:/a:redhat:migration_toolkit_virtualization:2.9::el9", "package" : "migration-toolkit-virtualization/mtv-console-plugin-rhel9:1778927462" }, { "product_name" : "Red Hat Quay 3.1", "release_date" : "2026-04-07T00:00:00Z", "advisory" : "RHSA-2026:6912", "cpe" : "cpe:/a:redhat:quay:3.10::el8", "package" : "quay/quay-rhel8:1775169155" }, { "product_name" : "Red Hat Quay 3.12", "release_date" : "2026-04-06T00:00:00Z", "advisory" : "RHSA-2026:6720", "cpe" : "cpe:/a:redhat:quay:3.12::el8", "package" : "quay/quay-rhel8:1775253092" }, { "product_name" : "Red Hat Quay 3.15", "release_date" : "2026-04-03T00:00:00Z", "advisory" : "RHSA-2026:6568", "cpe" : "cpe:/a:redhat:quay:3.15::el8", "package" : "quay/quay-rhel8:1775169219" }, { "product_name" : "Red Hat Quay 3.16", "release_date" : "2026-05-19T00:00:00Z", "advisory" : "RHSA-2026:19375", "cpe" : "cpe:/a:redhat:quay:3.16::el9", "package" : "quay/quay-rhel9:1779204086" }, { "product_name" : "Red Hat Quay 3.9", "release_date" : "2026-04-07T00:00:00Z", "advisory" : "RHSA-2026:6926", "cpe" : "cpe:/a:redhat:quay:3.9::el8", "package" : "quay/quay-rhel8:1775169218" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-4602\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-4602\nhttps://gist.github.com/Kr0emer/7ecd2be7d17419e4677315ef3758faf5\nhttps://github.com/kjur/jsrsasign/commit/5ea1c32bb2aa894b4bd29849839afe4f98728195\nhttps://github.com/kjur/jsrsasign/pull/650\nhttps://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15371175" ], "name" : "CVE-2026-4602", "mitigation" : { "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.", "lang" : "en:us" }, "csaw" : false }