CVE-2026-2739_CVE-2026-2739

5.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P

Description

This affects versions of the package bn.js before 5.2.3. Calling maskn(0) on any BN instance corrupts the internal state, causing toString(), divmod(), and other methods to enter an infinite loop, hanging the process indefinitely.

Basic Information

ID CVE-2026-2739

Source snyk

Published Feb 20, 2026 at 05:00

Affected Product

Vendor n/a

Product bn.js

Affected Versions n/a bn.js 0

References

{
    "lastseen": "",
    "description": "This affects versions of the package bn.js before 5.2.3. Calling maskn(0) on any BN instance corrupts the internal state, causing toString(), divmod(), and other methods to enter an infinite loop, hanging the process indefinitely.",
    "published": "2026-02-20T05:00:08.253Z",
    "modified": "2026-02-20T05:00:08.253Z",
    "type": "cve",
    "title": "CVE-2026-2739",
    "source": "snyk",
    "references": "https://security.snyk.io/vuln/SNYK-JS-BNJS-15274301\nhttps://github.com/indutny/bn.js/issues/316\nhttps://github.com/indutny/bn.js/issues/186\nhttps://gist.github.com/Kr0emer/02370d18328c28b5dd7f9ac880d22a91\nhttps://github.com/indutny/bn.js/pull/317\nhttps://github.com/indutny/bn.js/commit/33df26b5771e824f303a79ec6407409376baa64b",
    "id": "CVE-2026-2739",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "n/a bn.js 0",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "bn.js",
    "version": "0",
    "vendor": "n/a",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Description

Basic Information

Affected Product

References

💭 Join the Security Discussion ❌ Cancel Reply