Report: CVE-2026-4258 - Apache Sjcl ECDSA Signature Verification Vulnerability


CVE ID: CVE-2026-4258
Published: March 17, 2026, 5 a.m.
Description: All versions of the package sjcl are vulnerable to Improper Verification of Cryptographic Signature due to missing point-on-curve validation in sjcl.ecc.basicKey.publicKey(). An attacker can recover a victim's ECDH private key by sending crafted off-curve public keys and observing the ECDH outputs. The dhJavaEc() function directly returns the raw x-coordinate of the scalar multiplication result (no hashing), providing a plaintext oracle without requiring any decryption feedback.
Severity: 0.0 | NA
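The defensive counterpart to the missing check described above is to validate a peer's public key before it ever reaches scalar multiplication: the point must be a properly encoded pair of field elements in range and must satisfy the curve equation. The following is an added example written for this page, not code from sjcl or from the advisory; it uses the standard NIST P-256 constants and its own hypothetical function names (`isOnCurve`, `parseAndValidatePublicKey`). Because P-256 has prime order (cofactor 1), any point that passes the on-curve check lies in the intended group, so no separate small-subgroup check is needed for this curve.

```javascript
// Added example (not sjcl's code): validate a peer's ECDH public key
// before using it, so off-curve points are rejected up front.
// Curve parameters are the standard NIST P-256 (secp256r1) constants.
const P256_P = (1n << 256n) - (1n << 224n) + (1n << 192n) + (1n << 96n) - 1n;
const P256 = {
  p: P256_P,
  a: P256_P - 3n,
  b: 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604bn,
  gx: 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296n,
  gy: 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5n,
};

// Non-negative modular reduction for BigInt.
function mod(x, m) {
  const r = x % m;
  return r < 0n ? r + m : r;
}

// True iff (x, y) is a valid affine point: both coordinates are field
// elements in [0, p-1] and y^2 == x^3 + a*x + b (mod p).
function isOnCurve(curve, x, y) {
  const { p, a, b } = curve;
  if (typeof x !== 'bigint' || typeof y !== 'bigint') return false;
  if (x < 0n || x >= p || y < 0n || y >= p) return false;
  const lhs = mod(y * y, p);
  const rhs = mod(x * x * x + a * x + b, p);
  return lhs === rhs;
}

// Parse an uncompressed SEC1 point (0x04 || X || Y, hex-encoded) and
// validate it. Throws on any malformed or off-curve input, so a caller
// can never run scalar multiplication on an unvalidated point.
function parseAndValidatePublicKey(curve, hex) {
  if (typeof hex !== 'string' || !/^[0-9a-fA-F]{130}$/.test(hex)) {
    throw new Error('public key: expected 65 bytes in hex');
  }
  if (hex.slice(0, 2).toLowerCase() !== '04') {
    throw new Error('public key: only uncompressed encoding accepted');
  }
  const x = BigInt('0x' + hex.slice(2, 66));
  const y = BigInt('0x' + hex.slice(66, 130));
  if (!isOnCurve(curve, x, y)) {
    throw new Error('public key: point is not on the curve');
  }
  return { x, y };
}

// Helper to build a hex encoding from coordinates (used for the sample below).
function encodeUncompressed(x, y) {
  return '04' + x.toString(16).padStart(64, '0') + y.toString(16).padStart(64, '0');
}

// Constructed sample inputs: the P-256 base point (valid) and the same x
// with y increased by one (off-curve), the kind of input a missing check admits.
function demo() {
  const good = encodeUncompressed(P256.gx, P256.gy);
  const bad = encodeUncompressed(P256.gx, P256.gy + 1n);
  const accepted = parseAndValidatePublicKey(P256, good) !== null;
  let rejected = false;
  try {
    parseAndValidatePublicKey(P256, bad);
  } catch (e) {
    rejected = true;
  }
  return { accepted, rejected };
}
```

The range check matters as much as the equation: a coordinate at or above p would be reduced silently by a careless implementation and could still pass a naive equality test, so both conditions are enforced before the curve equation is evaluated.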

CVE Details

Published: March 17, 2026
Affected Product: sjcl (all versions)