CVE-2026-33894

HIGH

Forge has signature forgery in RSA-PKCS due to ASN.1 extra field

Title source: cna
STIX 2.1

Description

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, RSASSA PKCS#1 v1.5 signature verification accepts forged signatures for low public exponent keys (e=3). Attackers can forge signatures by stuffing “garbage” bytes within the ASN structure in order to construct a signature that passes verification, enabling Bleichenbacher style forgery. This issue is similar to CVE-2022-24771, but adds bytes in an addition field within the ASN structure, rather than outside of it. Additionally, forge does not validate that signatures include a minimum of 8 bytes of padding as defined by the specification, providing attackers additional space to construct Bleichenbacher forgeries. Version 1.4.0 patches the issue.

References (4)

Scores

CVSS v3 7.5
EPSS 0.0004
EPSS Percentile 13.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-20 CWE-347
Status published
Products (2)
digitalbazaar/forge < 1.4.0 (2 CPE variants)
npm/node-forge 0 - 1.4.0npm
Published Mar 27, 2026
Tracked Since Mar 29, 2026