CVE-2026-4541

LOW

janmojzis tinyssh Ed25519 Signature crypto_sign_ed25519_tinyssh.c signature verification

Title source: cna
STIX 2.1

Description

A flaw has been found in janmojzis tinyssh up to 20250501. Impacted is an unknown function of the file tinyssh/crypto_sign_ed25519_tinyssh.c of the component Ed25519 Signature Handler. This manipulation causes improper verification of cryptographic signature. The attack is restricted to local execution. The attack's complexity is rated as high. The exploitability is considered difficult. The exploit has been published and may be used. Upgrading to version 20260301 is recommended to address this issue. Patch name: 9c87269607e0d7d20174df742accc49c042cff17. Upgrading the affected component is recommended.

References (12)

Core 12
Core References
Vdb Entry
VDB-352358 | janmojzis tinyssh Ed25519 Signature crypto_sign_ed25519_tinyssh.c signature verification
https://vuldb.com/?id.352358
Signature, Permissions Required
VDB-352358 | CTI Indicators (IOB, IOC, IOA)
https://vuldb.com/?ctiid.352358
Third Party Advisory
Submit #774687 | GitHub tinyssh 20250501 Cryptographic Issues
https://vuldb.com/?submit.774687
Issue Tracking issue-tracking
https://github.com/janmojzis/tinyssh/issues/101
Vdb Entry vdb-entry
VDB-352358 | janmojzis tinyssh Ed25519 Signature crypto_sign_ed25519_tinyssh.c signature verification
https://vuldb.com/vuln/352358
Signature, Permissions Required signature permissions-required
VDB-352358 | CTI Indicators (IOB, IOC, IOA)
https://vuldb.com/vuln/352358/cti
Third Party Advisory third-party-advisory
Submit #774687 | GitHub tinyssh 20250501 Cryptographic Issues
https://vuldb.com/submit/774687

Scores

CVSS v3 2.5
EPSS 0.0008
EPSS Percentile 0.3%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-345 CWE-347
Status published
Products (2)
janmojzis/tinyssh 20250501
janmojzis/tinyssh 20260301
Published Mar 22, 2026
Tracked Since Mar 22, 2026