CVE-2026-33894

HIGH 7.5

Forge has signature forgery in RSA-PKCS due to ASN.1 extra field

CVSS Score

7.5

EPSS Score

0.0%

EPSS Percentile

8th

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, RSASSA PKCS#1 v1.5 signature verification accepts forged signatures for low public exponent keys (e=3). Attackers can forge signatures by stuffing “garbage” bytes within the ASN structure in order to construct a signature that passes verification, enabling Bleichenbacher style forgery. This issue is similar to CVE-2022-24771, but adds bytes in an addition field within the ASN structure, rather than outside of it. Additionally, forge does not validate that signatures include a minimum of 8 bytes of padding as defined by the specification, providing attackers additional space to construct Bleichenbacher forgeries. Version 1.4.0 patches the issue.

CWE	CWE-347 CWE-20
Vendor	digitalbazaar
Product	forge
Published	Mar 27, 2026
Last Updated	Mar 31, 2026

Stay Ahead of the Next One

Get instant alerts for digitalbazaar forge

Be the first to know when new high vulnerabilities affecting digitalbazaar forge are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Affected Versions

digitalbazaar / forge

< 1.4.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp datatracker.ietf.org: https://datatracker.ietf.org/doc/html/rfc2313#section-8 mailarchive.ietf.org: https://mailarchive.ietf.org/arch/msg/openpgp/5rnE9ZRN1AokBVj3VqblGlP63QE rfc-editor.org: https://www.rfc-editor.org/rfc/rfc8017.html