# node-forge@0.7.6 — Threat Briefing

Critical risk — threat briefing for npm package node-forge@0.7.6. Capabilities, risk paths, and what to check.

- **Ecosystem:** npm
- **Latest version:** 1.3.3
- **License:** (BSD-3-Clause OR GPL-2.0)

## Risk

- **Level:** critical
- **Summary:** Critical vulnerability CVE-2026-33896 in this package — do not install

## Capability Summary

| Capability | Level |
|---|---|
| install scripts | Prepublish |
| network access | client |
| filesystem | read |
| shell execution | none |

## Capabilities

### Install Scripts

- Install-time script execution [common]

### Other

- Cryptographic hashing [common]
- Encryption/decryption operations [common]
- Long encoded payload [common]

### Network

- Network client [common]

## Key Signals

- ****
- ****
- ****
- ****
- ****
- ****
- ****
- ****
- ****
- ****
- ****
- ****

## Maintainer


## Recommended Action

Do not install. Review immediately if already in use.