CVE-2026-27452
Received
Published: 21 Feb 2026, 06:50
Last modified:21 Feb 2026, 06:50
Vulnerability Summary
Overall Risk (default)
high
70/100 CVSS Score
9.2 CRITICAL
v4.0 (cve.org)
EPSS Score
0.04% LOW
0% probability
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
21 Feb 2026, 06:50
Published
Vulnerability first disclosed
Description
ASN.1 TypeScript ESM library, including codecs for Basic Encoding Rules (BER) and Distinguished Encoding Rules (DER). In versions 11.0.5 and below, in some cases, decoding an INTEGER could leak the underlying ArrayBuffer. This issue is expected to be fixed in version 11.0.6.
CVSS Metrics
- v4.0•CRITICAL•Score: 9.2CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
- v4.0•CRITICAL•Score: 9.2CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Trends
Current EPSS score: 0.04%• Percentile: 13%
Techniques & Countermeasures
- CWE-200•Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Affected Systems
- jonathanwilbur•asn1-ts
≤ 11.0.5