CVE-2026-33891 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, a Denial of Service (DoS) vulnera…
High CVSS: 7.5

CVE-2026-33891

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, a Denial of Service (DoS) vulnerability exists in the node-forge library due to an infinite loop in the BigInteger.modInverse() function (inherited from the bundled jsbn library). When modInverse() is called with a zero value as input, the internal Extended Euclidean Algorithm enters an unreachable exit condition, causing the process to hang indefinitely and consume 100% CPU. Version 1.4.0 patches the issue.
Vendor
-
Product
-
CWE
CWE-835
Yayın Tarihi
2026-03-27 21:17:25
Güncelleme
2026-03-30 13:26:07
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-835 HIGH 2026

Referanslar

https://github.com/digitalbazaar/forge/commit/9bb8d67b99d17e4ebb5fd7596cd699e11f25d023 https://github.com/digitalbazaar/forge/security/advisories/GHSA-5m6q-g25r-mvwx