Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.2
ASN.1 TypeScript Library Leaks Sensitive Data from INTEGER Decodes
CVE-2026-27452
Summary
The ASN.1 TypeScript library, used for encoding and decoding data, has a bug in versions 11.0.5 and below. If certain INTEGER data is decoded, sensitive data could be accidentally exposed. Update to version 11.0.6 or later to fix this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| jonathanwilbur | asn1-ts | <= 11.0.6 | – |
Original title
ASN.1 TypeScript ESM library, including codecs for Basic Encoding Rules (BER) and Distinguished Encoding Rules (DER). In versions 11.0.5 and below, in some cases, decoding an INTEGER could leak the...
Original description
ASN.1 TypeScript ESM library, including codecs for Basic Encoding Rules (BER) and Distinguished Encoding Rules (DER). In versions 11.0.5 and below, in some cases, decoding an INTEGER could leak the underlying ArrayBuffer. This issue is expected to be fixed in version 11.0.6.
nvd CVSS3.1
5.3
nvd CVSS4.0
9.2
Vulnerability type
CWE-200
Information Exposure
Published: 21 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026