Intel

AIKIDO-2026-302225

@zip.js/zip.js is vulnerable to Improper Verification of Cryptographic Signature

Improper Verification of Cryptographic Signature Pre-CVE
Found by Aikido Intel before public disclosure or CVE publication.
Published Today

80

High Risk

This Affects:

JS@zip.js/zip.js
2.0.0 - 2.8.26
Fixed in 2.8.28
Are you affected? Scan for Free

TL;DR

@zip.js/zip.js contains several cryptographic correctness defects in its ZIP decryption path. AES-encrypted entry authentication tags are not always verified, allowing a tampered ciphertext to be decrypted and returned without the integrity check failing. ZipCrypto password verification uses a variable-time comparison, leaking timing information that can aid password recovery. When the Web Crypto API is unavailable the library falls back to a non-cryptographic pseudo-random generator for key material, weakening encryption for newly created archives. The fix enforces AES authentication on every decryption, replaces the ZipCrypto comparison with a constant-time implementation, and removes the insecure PRNG fallback.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range and your application decrypts AES- or ZipCrypto-encrypted ZIP entries, or creates encrypted archives in runtimes where crypto.getRandomValues is unavailable.

Background info

@zip.js/zip.js is vulnerable to Improper Verification of Cryptographic Signature in versions 2.0.0 - 2.8.26.

How to fix this

Upgrade the @zip.js/zip.js library to the patch version.