CVE-2026-27452 | THREATINT

Description

ASN.1 TypeScript ESM library, including codecs for Basic Encoding Rules (BER) and Distinguished Encoding Rules (DER). In versions 11.0.5 and below, in some cases, decoding an INTEGER could leak the underlying ArrayBuffer. This issue is expected to be fixed in version 11.0.6.

PUBLISHED Reserved 2026-02-19 | Published 2026-02-21 | Updated 2026-02-21 | Assigner GitHub_M

CRITICAL: 9.2CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N

Problem types

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

Product status

<= 11.0.5

affected

References

github.com/...sn1-ts/security/advisories/GHSA-h5rw-vxjr-8q79

cve.org (CVE-2026-27452)

nvd.nist.gov (CVE-2026-27452)

Download JSON