## High-Severity CVE-2026-33891 Detected in node-forge-0.10.0, Exposing Angular Build Chain
A high-severity vulnerability, CVE-2026-33891, has been identified in the widely used `node-forge` library version 0.10.0. This JavaScript library provides critical implementations for cryptography, ciphers, and PKI, making its security flaws a significant risk to any dependent application. The vulnerability was detected in a project's `master` branch, with the vulnerable package located at `/node_modules/node-forge/package.json`. The exposure path is not direct but buried deep within the dependency chain: the root `build-angular-12.2.16.tgz` package depends on `webpack-dev-server-3.11.3.tgz`, which pulls in `selfsigned-1.10.14.tgz`, which finally imports the vulnerable `node-forge-0.10.0.tgz`.

This nested dependency structure highlights a common but dangerous attack surface in modern software development. The vulnerability resides in a foundational cryptographic component, meaning any breach could potentially compromise data integrity, encryption, or authentication mechanisms in applications built with this toolchain. The specific project affected uses an Angular build framework (version 12.2.16), indicating this risk could extend to numerous web applications relying on similar development stacks.

The discovery prompts immediate scrutiny for development teams using Angular, Webpack, or the `selfsigned` package. While the exact exploit details of CVE-2026-33891 are not specified, its high-severity classification signals a pressing need for dependency audits and updates. Organizations must trace their own dependency trees to see if this vulnerable version of `node-forge` is present, as its position deep in the supply chain makes it an easy oversight with potentially severe consequences for application security.
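
One way to run that trace, as an added example (not code from the original report or from any of the projects named): it walks the `packages` map of an npm lockfile (lockfileVersion 2 or 3) and returns the shortest chain from the root project to each installed copy of a given package version, including copies nested below the top-level `node_modules`. The sample lockfile, its `demo-app` root and its version ranges are constructed, and the scoped name `@angular-devkit/build-angular` is assumed for the page's `build-angular`; pass `JSON.parse` of your own `package-lock.json` as `lock`.

```javascript
// Resolve `dep` as required from `fromPath` the way Node does: the nearest
// enclosing node_modules directory first, then each parent's.
function resolveDep(packages, fromPath, dep) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + '/' : '') + 'node_modules/' + dep;
    if (packages[candidate]) return candidate;
    if (!base) return null; // not installed, e.g. a skipped optional dependency
    const cut = base.lastIndexOf('/node_modules/');
    base = cut === -1 ? '' : base.slice(0, cut);
  }
}

// Breadth-first walk from the root project; returns one shortest chain of
// "name@version" labels for each installed copy of targetName@targetVersion.
function findChains(lock, targetName, targetVersion) {
  const packages = lock.packages || {};
  if (!packages['']) return [];
  const parent = new Map([['', null]]); // install path -> path that required it
  const queue = [''];
  while (queue.length) {
    const path = queue.shift();
    const pkg = packages[path];
    const deps = { ...pkg.dependencies, ...pkg.optionalDependencies,
      ...(path === '' ? pkg.devDependencies : {}) };
    for (const dep of Object.keys(deps)) {
      const hit = resolveDep(packages, path, dep);
      if (hit && !parent.has(hit)) { parent.set(hit, path); queue.push(hit); }
    }
  }
  const nameOf = (p) => p.slice(p.lastIndexOf('node_modules/') + 13);
  const chains = [];
  for (const path of parent.keys()) {
    if (nameOf(path) !== targetName || packages[path].version !== targetVersion) continue;
    const chain = [];
    for (let p = path; p; p = parent.get(p)) chain.unshift(`${nameOf(p)}@${packages[p].version}`);
    chains.push(chain);
  }
  return chains;
}
// Constructed sample lockfile mirroring the chain reported above (ranges are made up).
const sampleLock = { lockfileVersion: 2, packages: {
  '': { name: 'demo-app', devDependencies: { '@angular-devkit/build-angular': '~12.2.16' } },
  'node_modules/@angular-devkit/build-angular': { version: '12.2.16', dependencies: { 'webpack-dev-server': '3.11.3' } },
  'node_modules/webpack-dev-server': { version: '3.11.3', dependencies: { selfsigned: '^1.10.8' } },
  'node_modules/selfsigned': { version: '1.10.14', dependencies: { 'node-forge': '^0.10.0' } },
  'node_modules/node-forge': { version: '0.10.0' },
} };
for (const c of findChains(sampleLock, 'node-forge', '0.10.0')) console.log(c.join(' > '));
```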

---
- **Source**: GitHub Issues
- **Sector**: The Lab
- **Tags**: CVE, Supply Chain Security, npm, Angular, Cryptography
- **Credibility**: unverified
- **Published**: 2026-04-01 20:27:27
- **ID**: 46006
- **URL**: https://whisperx.ai/en/intel/46006