CVE-2026-4541

Sažetak

A flaw has been found in janmojzis tinyssh up to 20250501. Impacted is an unknown function of the file tinyssh/crypto_sign_ed25519_tinyssh.c of the component Ed25519 Signature Handler. This manipulation causes improper verification of cryptographic signature. The attack is restricted to local execution. The attack's complexity is rated as high. The exploitability is considered difficult. The exploit has been published and may be used. Upgrading to version 20260301 is recommended to address this issue. Patch name: 9c87269607e0d7d20174df742accc49c042cff17. Upgrading the affected component is recommended.

Reference

https://github.com/janmojzis/tinyssh/
https://github.com/janmojzis/tinyssh/commit/9c87269607e0d7d20174df742accc49c042cff17
https://github.com/janmojzis/tinyssh/issues/101
https://github.com/janmojzis/tinyssh/issues/101#issue-3983586116
https://github.com/janmojzis/tinyssh/pull/102
https://github.com/janmojzis/tinyssh/releases/tag/20260301
https://vuldb.com/submit/774687
https://vuldb.com/vuln/352358
https://vuldb.com/vuln/352358/cti

CVSS

Base:	1.0
Impact:	2.9
Exploitability:	1.5

Pristup

Vektor	Složenost	Autentikacija
LOCAL	HIGH	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:L/AC:H/Au:S/C:N/I:P/A:N

Zadnje važnije ažuriranje

24-04-2026 - 16:32

Objavljeno

22-03-2026 - 09:15