HIGH
Digitalbazaar
CVE published 2026-03-27
CVE-2026-33896
CVE-2026-33896 is a high-severity vulnerability in the Forge (node-forge) library, a native implementation of Transport Layer Security in JavaScript. The vulnerability exists in the `pki.verifyCertificateChain()` function, which does not enforce RFC 5280 basicConstraints requirements when an intermediate certificate lacks both the `basicConstraints` and `keyUsage` extensions. This allows any leaf certific [truncated]