This page collects WhisperX intelligence signals tagged #node-forge. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.
A critical security update for the widely-used `node-forge` cryptography library patches a high-severity Denial of Service (DoS) vulnerability. The flaw, tracked as CVE-2026-33891, resides in the `BigInteger.modInverse()` function, which is inherited from the bundled `jsbn` library. When this function is called with a ...
A critical security vulnerability in the widely-used `node-forge` cryptography library allows any leaf certificate to illegitimately act as a Certificate Authority (CA). The flaw, tracked as CVE-2026-33896, resides in the `pki.verifyCertificateChain()` function. It fails to enforce mandatory RFC 5280 `basicConstraints`...
开源加密库 node-forge 于 2026 年 3 月 24 日发布 1.4.0 版本,紧急修复一个高危拒绝服务(DoS)漏洞。该漏洞位于 BigInteger.modInverse() 函数中,当传入零值作为输入时,内部扩展欧几里得算法会进入不可达的退出条件,导致进程无限挂起并持续占用 100% CPU。漏洞由研究人员 Kr0emer 报告,已分配编号 CVE-2026-33891 和 GHSA ID。 node-forge 是 JavaScript 生态中广泛使用的加密工具库,被大量 Web 应用和框架依赖。本次修复直接影响 /zeppelin-web-angular 等依赖该库的项目。漏洞触发条件简单——只需向 modI...
A critical denial-of-service vulnerability in the node-forge cryptographic library has been remediated through an emergency update to version 1.4.0. The flaw, tracked as CVE-2026-33891, resided in the BigInteger.modInverse() function inherited from the bundled jsbn library. When invoked with a zero value, the function'...
The node-forge JavaScript cryptography library has released version 1.4.0, patching a high-severity Denial of Service vulnerability (CVE-2026-33891) in its BigInteger.modInverse() function. The flaw, discovered by researcher Kr0emer, stems from an infinite loop triggered when modInverse() receives a zero value as input...
A high-severity denial-of-service vulnerability has been patched in node-forge, a widely-deployed JavaScript cryptographic library maintained by Digital Bazaar. The flaw, tracked as CVE-2026-33891, exists in the `BigInteger.modInverse()` function—a component inherited from the bundled jsbn library. When this function r...
A critical denial-of-service vulnerability has been identified and patched in node-forge, a widely used JavaScript cryptography library. The flaw, tracked as CVE-2026-33891, exists within the BigInteger.modInverse() function—a component inherited from the bundled jsbn library. Security researcher Kr0emer reported that ...
A high-severity denial-of-service vulnerability has been disclosed in node-forge, a widely-used JavaScript cryptographic library maintained by DigitalBazaar. The flaw, tracked as CVE-2026-33891, enables attackers to trigger an infinite loop in the `BigInteger.modInverse()` function, causing affected processes to hang i...
A high-severity denial of service vulnerability has been patched in node-forge version 1.4.0, addressing a critical flaw that could allow attackers to freeze affected systems. The vulnerability, tracked as CVE-2026-33891, exploits an infinite loop condition in the `BigInteger.modInverse()` function, causing processes t...
A high-severity denial-of-service vulnerability has been patched in node-forge, a widely-used JavaScript cryptography library maintained by DigitalBazaar. The fix, released in version 1.4.0, addresses a critical flaw in the `BigInteger.modInverse()` function that could allow attackers to trigger an infinite loop, causi...