LiveActive security incident?Get immediate response
CVE Record

CVE-2026-33894: Forge has signature forgery in RSA-PKCS due to ASN.1 extra field

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, RSASSA PKCS#1 v1.5 signature verification accepts forged signatures for low public exponent keys (e=3). Attackers can forge signatures by stuffing “garbage” bytes within the ASN structure in order to construct a signature that passes verification, enabling Bleichenbacher style forgery. This issue is similar to CVE-2022-24771, but adds bytes in an addition field within the ASN structure, rather than outside of it. Additionally, forge does not validate that signatures include a minimum of 8 bytes of padding as defined by the specification, providing attackers additional space to construct Bleichenbacher forgeries. Version 1.4.0 patches the issue.

HighCVSS 7.5Not KEV-listedUpdated
Glexia's TakeAutomated analysishigh

Security readout for executives and security teams

Plain-English summary

Forge/node-forge before 1.4.0 may wrongly accept forged RSA signatures in specific PKCS#1 v1.5 verification cases. This is an integrity issue: systems relying on Forge to trust signed data could accept data that was not genuinely signed.

Executive priority

Treat this as high priority where Forge is used to validate trust decisions. Patch dependency versions promptly, with fastest attention on internet-facing or partner-facing systems that accept signed inputs.

Technical view

The flaw is in RSASSA PKCS#1 v1.5 signature verification for low public exponent keys, especially e=3. Forge accepts malformed ASN.1 structures containing extra bytes and also misses the required minimum padding length, enabling Bleichenbacher-style signature forgery. Version 1.4.0 fixes it.

Likely exposure

Exposure is likely in JavaScript applications or bundled products using forge/node-forge before 1.4.0 for RSA-PKCS#1 v1.5 signature verification, especially where externally supplied signatures, certificates, or signed objects are trusted.

Exploitation context

The source bundle does not show CISA KEV listing or active exploitation. The CVSS vector indicates network-reachable, unauthenticated, low-complexity exploitation with high integrity impact, but no confidentiality or availability impact is claimed.

Researcher notes

Evidence supports an implementation-level signature verification flaw similar to CVE-2022-24771, but with malformed bytes inside an ASN.1 field. Public sources identify the patched version, not active exploitation or broader affected products beyond Forge consumers.

Mitigation direction

  • Upgrade forge/node-forge to version 1.4.0 or later.
  • Check vendor advisories, including Red Hat errata, for packaged dependency fixes.
  • Inventory applications and products that bundle forge as a transitive dependency.
  • Prioritize externally exposed signature-verification workflows.
  • Monitor the Forge advisory and CVE record for updated guidance.

Validation and detection

  • Search dependency manifests and lockfiles for forge or node-forge versions before 1.4.0.
  • Confirm deployed runtime dependency trees, not only source manifests.
  • Identify code paths using Forge for RSA-PKCS#1 v1.5 signature verification.
  • Check whether accepted signatures can be supplied by untrusted users or systems.
  • Review vendor product advisories before marking packaged software unaffected.
Prepared
Confidence
high
Sources
11

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cwe · low confidence lookup

CWE-20: Exact CWE lookup

Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.

Open ATT&CK lookup
cwe · low confidence lookup

CWE-347: Exact CWE lookup

Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.

Open ATT&CK lookup
cve · low confidence lookup

CVE-2026-33894 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
High
CVSS
7.5 (3.1)
Known Exploited
No
Published

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

2CVSS vectors
5Timeline events
2ADP providers
19Source links

SSVC decision data

CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: pocAutomatable: yesTechnical Impact: partial

CVSS vector scores

2 official scores

We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.

ScoreVersionSeverityVectorExploitImpactSource
7.5CVSS 3.1HighCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N3.93.6GitHub_M
7.5CVSS 3.1HighCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N3.93.6redhat-SADP

Vulnerability scoring details

Base CVSS 3.1 score

7.5High
CVSS 3.1 vector shape for CVE-2026-33894Attack VectorAttack ComplexityPrivileges RequiredUser InteractionScopeConfidentiality ImpactIntegrity ImpactAvailability Impact

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector
NetworkAdjacentLocalPhysical
Attack Complexity
LowHigh
Privileges Required
NoneLowHigh
User Interaction
NoneRequired
Scope
ChangedUnchanged
Confidentiality Impact
HighLowNone
Integrity Impact
HighLowNone
Availability Impact
HighLowNone

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. ADP timelineredhat-SADP

    Made public.

  3. CVE publishedCVE Program

    The CVE record was published.

  4. ADP timelineredhat-SADP

    Reported to Red Hat.

  5. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

ADP provider summaries

CISA-ADPCISA ADP Vulnrichment
other:ssvc
redhat-SADPnode-forge: Forge: Signature Forgery via Weak RSASSA PKCS#1 v1.5 Verification
other:Red Hat severity ratingcvssV3_1
  • 2026-03-27T21:02:52.462Z: Reported to Red Hat.
  • 2026-03-27T20:45:49.583Z: Made public.

Source materials

Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
digitalbazaarforge< 1.4.0Listed
Weakness

CWE details

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.

CWE-20 · source CWE mapping

Improper Input Validation

Improper Input Validation represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.

CWE-347 · source CWE mapping

Improper Verification of Cryptographic Signature

Improper Verification of Cryptographic Signature represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.