PatchSiren

Digitalbazaar CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH Digitalbazaar CVE published 2026-03-27

CVE-2026-33896

CVE-2026-33896 is a high-severity vulnerability in the Forge (node-forge) library, a native implementation of Transport Layer Security in JavaScript. The vulnerability exists in the `pki.verifyCertificateChain()` function, which does not enforce RFC 5280 basicConstraints requirements when an intermediate certificate lacks both the `basicConstraints` and `keyUsage` extensions. This allows any leaf certific [truncated]