CVE-2026-33895: CWE-347: Improper Verification of Cryptographic Signature in digitalbazaar forge
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, Ed25519 signature verification accepts forged non-canonical signatures where the scalar S is not reduced modulo the group order (`S >= L`). A valid signature and its `S + L` variant both verify in forge, while Node.js `crypto.verify` (OpenSSL-backed) rejects the `S + L` variant, as defined by the specification. This class of signature malleability has been exploited in practice to bypass authentication and authorization logic (see CVE-2026-25793, CVE-2022-35961). Checks in applications that rely on signature uniqueness (e.g., dedup by signature bytes, replay tracking, signed-object canonicalization checks) may be bypassed. Version 1.4.0 patches the issue.
AI Analysis
Technical Summary
The digitalbazaar forge library (node-forge) implements TLS in JavaScript. Before version 1.4.0, its Ed25519 signature verification incorrectly accepts signatures where the scalar S component is not reduced modulo the group order (S >= L). This means both a valid signature and its S + L variant verify successfully, violating the Ed25519 specification. This flaw enables signature malleability, which can be exploited to bypass authentication or authorization logic in applications that depend on unique signatures for deduplication, replay protection, or canonicalization. The issue is fixed in version 1.4.0.
Potential Impact
The vulnerability can lead to bypass of authentication and authorization controls in applications using forge's Ed25519 signature verification prior to version 1.4.0. Specifically, attackers can exploit signature malleability to circumvent mechanisms relying on signature uniqueness, such as replay tracking or signed object canonicalization. There is no indication of active exploitation in the wild at this time.
Mitigation Recommendations
Upgrade to digitalbazaar forge version 1.4.0 or later, which patches this improper signature verification issue. Since this is a library vulnerability, applications should update their dependencies accordingly to ensure proper cryptographic signature validation.
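The canonical-scalar rule described above (`S < L`) can be enforced and regression-tested independently of the library. The following is an added example, not code from forge or from this advisory; `hasCanonicalS`, `verifyStrict`, `sampleWithS` and the injected `verifyFn` are hypothetical names, and the sample bytes are constructed, not real signatures.

```javascript
'use strict';

// Ed25519 group order from RFC 8032: L = 2^252 + 27742317777372353535851937790883648493.
const L = (1n << 252n) + 27742317777372353535851937790883648493n;

// Decode a little-endian byte array into a BigInt.
function leToBigInt(bytes) {
  let n = 0n;
  for (let i = bytes.length - 1; i >= 0; i--) {
    n = (n << 8n) | BigInt(bytes[i]);
  }
  return n;
}

// Encode a non-negative BigInt as `len` little-endian bytes.
function bigIntToLe(n, len) {
  const out = new Uint8Array(len);
  for (let i = 0; i < len; i++) {
    out[i] = Number(n & 0xffn);
    n >>= 8n;
  }
  return out;
}

// An Ed25519 signature is R (32 bytes) || S (32 bytes, little-endian).
// Returns true only when the input is exactly 64 bytes and 0 <= S < L.
function hasCanonicalS(sig) {
  if (!(sig instanceof Uint8Array) || sig.length !== 64) return false;
  return leToBigInt(sig.subarray(32)) < L;
}

// Wrap any verifier (verifyFn is an assumption: a function returning true/false)
// so that non-canonical signatures are rejected before it is called.
function verifyStrict(verifyFn, message, sig, publicKey) {
  return hasCanonicalS(sig) && verifyFn(message, sig, publicKey) === true;
}

// Constructed test vector: placeholder R bytes plus the given scalar S.
// These bytes exercise the range check only; they are not a valid signature.
function sampleWithS(s) {
  const sig = new Uint8Array(64).fill(0x11, 0, 32);
  sig.set(bigIntToLe(s, 32), 32);
  return sig;
}
```

Because `S` and `S + L` encode to different bytes, the boundary cases `L - 1` (accept) and `L` (reject) make a useful regression test for any verifier placed behind this check.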
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-03-24T15:41:47.490Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 69c6efce3c064ed76ff462eb
Added to database: 3/27/2026, 8:59:58 PM
Last enriched: 4/4/2026, 10:50:29 AM
Last updated: 5/11/2026, 6:15:26 AM