CVE-2026-4541

Sažetak

A flaw has been found in janmojzis tinyssh up to 20250501. Impacted is an unknown function of the file tinyssh/crypto_sign_ed25519_tinyssh.c of the component Ed25519 Signature Handler. This manipulation causes improper verification of cryptographic signature. The attack is restricted to local execution. The attack's complexity is rated as high. The exploitability is considered difficult. The exploit has been published and may be used. Upgrading to version 20260301 is recommended to address this issue. Patch name: 9c87269607e0d7d20174df742accc49c042cff17. Upgrading the affected component is recommended. If you want to get best quality of vulnerability data, you may have to visit VulDB.

Reference

https://github.com/janmojzis/tinyssh/
https://github.com/janmojzis/tinyssh/commit/9c87269607e0d7d20174df742accc49c042cff17
https://github.com/janmojzis/tinyssh/issues/101
https://github.com/janmojzis/tinyssh/issues/101#issue-3983586116
https://github.com/janmojzis/tinyssh/pull/102
https://github.com/janmojzis/tinyssh/releases/tag/20260301
https://vuldb.com/?ctiid.352358
https://vuldb.com/?id.352358
https://vuldb.com/?submit.774687

CVSS

Base:	1.0
Impact:	2.9
Exploitability:	1.5

Pristup

Vektor	Složenost	Autentikacija
LOCAL	HIGH	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:L/AC:H/Au:S/C:N/I:P/A:N

Zadnje važnije ažuriranje

23-03-2026 - 14:31

Objavljeno

22-03-2026 - 09:15