{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4258", "assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "state": "PUBLISHED", "assignerShortName": "snyk", "dateReserved": "2026-03-16T10:00:53.239Z", "datePublished": "2026-03-17T05:00:04.199Z", "dateUpdated": "2026-03-17T13:22:11.049Z"}, "containers": {"cna": {"metrics": [{"cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "exploitCodeMaturity": "PROOF_OF_CONCEPT", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P"}, "cvssV4_0": {"version": "4.0", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 8.7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"}}], "credits": [{"value": "Kr0emer", "lang": "en"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-347", "description": "Improper Verification of Cryptographic Signature", "lang": "en"}]}], "providerMetadata": {"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "shortName": "snyk", "dateUpdated": "2026-03-17T05:00:04.199Z"}, "descriptions": [{"value": "All versions of the package sjcl are vulnerable to Improper Verification of Cryptographic Signature due to missing point-on-curve validation in sjcl.ecc.basicKey.publicKey(). An attacker can recover a victim's ECDH private key by sending crafted off-curve public keys and observing ECDH outputs. The dhJavaEc() function directly returns the raw x-coordinate of the scalar multiplication result (no hashing), providing a plaintext oracle without requiring any decryption feedback.", "lang": "en"}], "references": [{"url": "https://security.snyk.io/vuln/SNYK-JS-SJCL-15369617"}, {"url": "https://gist.github.com/Kr0emer/2560f98edb10b0b34f2438cd63913c47"}, {"url": "https://github.com/bitwiseshiftleft/sjcl/blob/master/core/ecc.js%23L454-L461"}, {"url": "https://github.com/bitwiseshiftleft/sjcl/commit/ee307459972442a17beebc29dc331fffd8aff796"}], "affected": [{"product": "sjcl", "versions": [{"version": "0", "lessThan": "*", "status": "affected", "versionType": "semver"}], "vendor": "n/a"}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-325", "lang": "en", "description": "CWE-325 Missing Cryptographic Step"}]}], "references": [{"url": "https://gist.github.com/Kr0emer/2560f98edb10b0b34f2438cd63913c47", "tags": ["exploit"]}, {"url": "https://security.snyk.io/vuln/SNYK-JS-SJCL-15369617", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-17T13:22:02.709429Z", "id": "CVE-2026-4258", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-17T13:22:11.049Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-4258", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-17T13:22:02.709429Z"}}}], "references": [{"url": "https://gist.github.com/Kr0emer/2560f98edb10b0b34f2438cd63913c47", "tags": ["exploit"]}, {"url": "https://security.snyk.io/vuln/SNYK-JS-SJCL-15369617", "tags": ["exploit"]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-325", "description": "CWE-325 Missing Cryptographic Step"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-17T13:21:33.775Z"}}], "cna": {"credits": [{"lang": "en", "value": "Kr0emer"}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "exploitCodeMaturity": "PROOF_OF_CONCEPT", "confidentialityImpact": "HIGH"}, "cvssV4_0": {"version": "4.0", "baseScore": 8.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P", "exploitMaturity": "PROOF_OF_CONCEPT", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH"}}], "affected": [{"vendor": "n/a", "product": "sjcl", "versions": [{"status": "affected", "version": "0", "lessThan": "*", "versionType": "semver"}]}], "references": [{"url": "https://security.snyk.io/vuln/SNYK-JS-SJCL-15369617"}, {"url": "https://gist.github.com/Kr0emer/2560f98edb10b0b34f2438cd63913c47"}, {"url": "https://github.com/bitwiseshiftleft/sjcl/blob/master/core/ecc.js%23L454-L461"}, {"url": "https://github.com/bitwiseshiftleft/sjcl/commit/ee307459972442a17beebc29dc331fffd8aff796"}], "descriptions": [{"lang": "en", "value": "All versions of the package sjcl are vulnerable to Improper Verification of Cryptographic Signature due to missing point-on-curve validation in sjcl.ecc.basicKey.publicKey(). An attacker can recover a victim's ECDH private key by sending crafted off-curve public keys and observing ECDH outputs. The dhJavaEc() function directly returns the raw x-coordinate of the scalar multiplication result (no hashing), providing a plaintext oracle without requiring any decryption feedback."}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-347", "description": "Improper Verification of Cryptographic Signature"}]}], "providerMetadata": {"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "shortName": "snyk", "dateUpdated": "2026-03-17T05:00:04.199Z"}}}, "cveMetadata": {"cveId": "CVE-2026-4258", "state": "PUBLISHED", "dateUpdated": "2026-03-17T13:22:11.049Z", "dateReserved": "2026-03-16T10:00:53.239Z", "assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "datePublished": "2026-03-17T05:00:04.199Z", "assignerShortName": "snyk"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bitwiseshiftleft:stanford_javascript_crypto_library:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "2047B9DC-A7EE-46A6-A484-066411066757", "versionEndIncluding": "1.0.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "All versions of the package sjcl are vulnerable to Improper Verification of Cryptographic Signature due to missing point-on-curve validation in sjcl.ecc.basicKey.publicKey(). An attacker can recover a victim's ECDH private key by sending crafted off-curve public keys and observing ECDH outputs. The dhJavaEc() function directly returns the raw x-coordinate of the scalar multiplication result (no hashing), providing a plaintext oracle without requiring any decryption feedback."}, {"lang": "es", "value": "Todas las versiones del paquete sjcl son vulnerables a la Verificaci\u00f3n Incorrecta de Firma Criptogr\u00e1fica debido a la falta de validaci\u00f3n de punto en curva en sjcl.ecc.basicKey.publicKey(). Un atacante puede recuperar la clave privada ECDH de una v\u00edctima enviando claves p\u00fablicas fuera de curva manipuladas y observando las salidas ECDH. La funci\u00f3n dhJavaEc() devuelve directamente la coordenada x sin procesar del resultado de la multiplicaci\u00f3n escalar (sin hashing), proporcionando un or\u00e1culo de texto plano sin requerir ninguna retroalimentaci\u00f3n de descifrado."}], "id": "CVE-2026-4258", "lastModified": "2026-06-03T14:47:21.340", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "[email protected]", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "[email protected]", "type": "Secondary"}]}, "published": "2026-03-17T06:16:18.590", "references": [{"source": "[email protected]", "tags": ["Third Party Advisory", "Exploit", "Mitigation"], "url": "https://gist.github.com/Kr0emer/2560f98edb10b0b34f2438cd63913c47"}, {"source": "[email protected]", "tags": ["Broken Link"], "url": "https://github.com/bitwiseshiftleft/sjcl/blob/master/core/ecc.js%23L454-L461"}, {"source": "[email protected]", "tags": ["Patch"], "url": "https://github.com/bitwiseshiftleft/sjcl/commit/ee307459972442a17beebc29dc331fffd8aff796"}, {"source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"], "url": "https://security.snyk.io/vuln/SNYK-JS-SJCL-15369617"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Third Party Advisory", "Exploit", "Mitigation"], "url": "https://gist.github.com/Kr0emer/2560f98edb10b0b34f2438cd63913c47"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Third Party Advisory"], "url": "https://security.snyk.io/vuln/SNYK-JS-SJCL-15369617"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-347"}], "source": "[email protected]", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-325"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,*]"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}]}, "original": {"product": "sjcl", "source": "cna", "vendor": "n/a"}, "product": "sjcl", "vendor": "bitwiseshiftleft"}], "analysis": {"en": {"generated_at": "2026-03-17T17:50:34.432024+00:00", "value": {"mitigation_remediation": ["Upgrade sjcl to a version that includes point\u2011on\u2011curve validation and hashes the ECDH output, as indicated by commit ee307459972442a17beebc29dc331fffd8aff796.", "If no patched release is available, replace the dhJavaEc() implementation with a custom routine that validates the EC point and hashes the raw output before use.", "Remove sjcl usage from any critical components until a patched version is deployed or alternative cryptographic libraries are adopted."], "summary": {"action": "Patch Immediately", "impact": "Private Key Compromise"}, "threat_synthesis": {"affected_systems": "All releases of the sjcl JavaScript cryptography library are affected; the CVE description explicitly states \"All versions of the package sjcl are vulnerable\". Any application that utilizes sjcl\u2019s ECDH functions, especially dhJavaEc(), is subject to this flaw. No vendor\u2011specific version information beyond the library itself is provided.", "description_and_impact": "The vulnerability arises from missing point\u2011on\u2011curve validation in the function sjcl.ecc.basicKey.publicKey(), as detailed in the CVE description. An attacker can send crafted off\u2011curve public keys to the library and observe the raw x\u2011coordinate output of dhJavaEc(). This plaintext oracle permits extraction of a victim\u2019s ECDH private key, thereby compromising the confidentiality of any data protected with that key. The weakness is classified under CWE\u2011325 (Improper Validation) and CWE\u2011347 (Invalid Algorithm Parameter).", "risk_and_exploitability": "With a CVSS score of 8.7 the vulnerability is high severity, yet the EPSS score of less than 1% indicates a low probability of exploitation in the present threat landscape. The CVE notes that the issue is not listed in CISA\u2019s KEV catalog. The likely attack vector is remote: an adversary who can supply a public key to the library\u2014such as through client\u2011side or server\u2011side JavaScript execution\u2014can exploit the missing validation and obtain the private key by observing ECDH outputs; this inference is based on the description of the oracle provided in the CVE."}}}}, "created": "2026-03-17T09:51:55.385084+00:00", "updated": "2026-03-24T10:49:33.716162+00:00", "vendors": ["bitwiseshiftleft", "bitwiseshiftleft$PRODUCT$sjcl"]}