CVE-2026-27452

ASN.1 TypeScript ESM library, including codecs for Basic Encoding Rules (BER) and Distinguished Encoding Rules (DER). In versions 11.0.5 and below, in some cases, decoding an INTEGER could leak the underlying ArrayBuffer. This issue is expected to be fixed in version 11.0.6.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/JonathanWilbur/asn1-ts/security/advisories/GHSA-h5rw-vxjr-8q79	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:jonathanwilbur:asn1-ts:*:*:*:*:*:node.js:*:*

History

03 Mar 2026, 17:28

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.3
First Time		Jonathanwilbur Jonathanwilbur asn1-ts
Summary		(es) Biblioteca ESM de TypeScript para ASN.1, incluyendo códecs para las Reglas Básicas de Codificación (BER) y las Reglas de Codificación Distinguida (DER). En las versiones 11.0.5 e inferiores, en algunos casos, la decodificación de un INTEGER podría filtrar el ArrayBuffer subyacente. Se espera que este problema se solucione en la versión 11.0.6.
CPE		cpe:2.3:a:jonathanwilbur:asn1-ts::::::node.js::*
References	~~() https://github.com/JonathanWilbur/asn1-ts/security/advisories/GHSA-h5rw-vxjr-8q79 -~~	() https://github.com/JonathanWilbur/asn1-ts/security/advisories/GHSA-h5rw-vxjr-8q79 - Vendor Advisory

21 Feb 2026, 07:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-21 07:16

Updated : 2026-03-03 17:28

NVD link : CVE-2026-27452

Mitre link : CVE-2026-27452

CVE.ORG link : CVE-2026-27452

JSON object : View

Products Affected

jonathanwilbur

asn1-ts

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2026-27452", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.2, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-02-21T07:16:13.210", "references": [{"url": "https://github.com/JonathanWilbur/asn1-ts/security/advisories/GHSA-h5rw-vxjr-8q79", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "ASN.1 TypeScript ESM library, including codecs for Basic Encoding Rules (BER) and Distinguished Encoding Rules (DER). In versions 11.0.5 and below, in some cases, decoding an INTEGER could leak the underlying ArrayBuffer. This issue is expected to be fixed in version 11.0.6."}, {"lang": "es", "value": "Biblioteca ESM de TypeScript para ASN.1, incluyendo c\u00f3decs para las Reglas B\u00e1sicas de Codificaci\u00f3n (BER) y las Reglas de Codificaci\u00f3n Distinguida (DER). En las versiones 11.0.5 e inferiores, en algunos casos, la decodificaci\u00f3n de un INTEGER podr\u00eda filtrar el ArrayBuffer subyacente. Se espera que este problema se solucione en la versi\u00f3n 11.0.6."}], "lastModified": "2026-03-03T17:28:50.777", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:jonathanwilbur:asn1-ts:*:*:*:*:*:node.js:*:*", "vulnerable": true, "matchCriteriaId": "7E273ECF-B5F7-4CF5-AF6C-ECFDBD2FA39C", "versionEndExcluding": "11.0.6"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}