CVE-2026-4541

A flaw has been found in janmojzis tinyssh up to 20250501. Impacted is an unknown function of the file tinyssh/crypto_sign_ed25519_tinyssh.c of the component Ed25519 Signature Handler. This manipulation causes improper verification of cryptographic signature. The attack is restricted to local execution. The attack's complexity is rated as high. The exploitability is considered difficult. The exploit has been published and may be used. Upgrading to version 20260301 is recommended to address this issue. Patch name: 9c87269607e0d7d20174df742accc49c042cff17. Upgrading the affected component is recommended.

CVSS v3 2.5 LOW
CVSS v2.0 1.0 LOW

2.5^/10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 1.0 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

1.0^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:H/Au:S/C:N/I:P/A:N

Exploitability : 1.5 / Impact : 2.9

Access Vector LOCAL

Access Complexity HIGH

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://github.com/janmojzis/tinyssh/
https://github.com/janmojzis/tinyssh/commit/9c87269607e0d7d20174df742accc49c042cff17
https://github.com/janmojzis/tinyssh/issues/101
https://github.com/janmojzis/tinyssh/issues/101#issue-3983586116
https://github.com/janmojzis/tinyssh/pull/102
https://github.com/janmojzis/tinyssh/releases/tag/20260301
https://vuldb.com/submit/774687
https://vuldb.com/vuln/352358
https://vuldb.com/vuln/352358/cti

Configurations

No configuration.

History

18 Apr 2026, 05:16

Type	Values Removed	Values Added
Summary		(es) Se ha encontrado una falla en janmojzis tinyssh hasta 20250501. Afectada es una función desconocida del archivo tinyssh/crypto_sign_ed25519_tinyssh.c del componente Gestor de Firma Ed25519. Esta manipulación causa una verificación incorrecta de la firma criptográfica. El ataque está restringido a la ejecución local. La complejidad del ataque se califica como alta. La explotabilidad se considera difícil. El exploit ha sido publicado y puede ser utilizado. Se recomienda actualizar a la versión 20260301 para abordar este problema. Nombre del parche: 9c87269607e0d7d20174df742accc49c042cff17. Se recomienda actualizar el componente afectado. Si desea obtener la mejor calidad de datos de vulnerabilidad, puede que tenga que visitar VulDB.
Summary	(en) A flaw has been found in janmojzis tinyssh up to 20250501. Impacted is an unknown function of the file tinyssh/crypto_sign_ed25519_tinyssh.c of the component Ed25519 Signature Handler. This manipulation causes improper verification of cryptographic signature. The attack is restricted to local execution. The attack's complexity is rated as high. The exploitability is considered difficult. The exploit has been published and may be used. Upgrading to version 20260301 is recommended to address this issue. Patch name: 9c87269607e0d7d20174df742accc49c042cff17. Upgrading the affected component is recommended. If you want to get best quality of vulnerability data, you may have to visit VulDB.	(en) A flaw has been found in janmojzis tinyssh up to 20250501. Impacted is an unknown function of the file tinyssh/crypto_sign_ed25519_tinyssh.c of the component Ed25519 Signature Handler. This manipulation causes improper verification of cryptographic signature. The attack is restricted to local execution. The attack's complexity is rated as high. The exploitability is considered difficult. The exploit has been published and may be used. Upgrading to version 20260301 is recommended to address this issue. Patch name: 9c87269607e0d7d20174df742accc49c042cff17. Upgrading the affected component is recommended.
References	~~{'url': 'https://vuldb.com/?ctiid.352358', 'source': 'cna@vuldb.com'}~~ ~~{'url': 'https://vuldb.com/?id.352358', 'source': 'cna@vuldb.com'}~~ ~~{'url': 'https://vuldb.com/?submit.774687', 'source': 'cna@vuldb.com'}~~	() https://vuldb.com/submit/774687 - () https://vuldb.com/vuln/352358 - () https://vuldb.com/vuln/352358/cti -

22 Mar 2026, 09:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-22 09:15

Updated : 2026-04-29 01:00

NVD link : CVE-2026-4541

Mitre link : CVE-2026-4541

CVE.ORG link : CVE-2026-4541

JSON object : View

Products Affected

No product.

CWE

CWE-345

Insufficient Verification of Data Authenticity

CWE-347

Improper Verification of Cryptographic Signature

2.5 /10

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

1.0 /10

Access Vector LOCAL

Access Complexity HIGH

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

JSON object

Attach tags to CVE-2026-4541

2.5^/10

1.0^/10

Attach tags to `CVE-2026-4541`