CVE-2026-4541
janmojzis tinyssh Ed25519 Signature crypto_sign_ed25519_tinyssh.c signature verification
CVSS Score
2.5
EPSS Score
0.0%
EPSS Percentile
0th
A flaw has been found in janmojzis tinyssh up to 20250501. Impacted is an unknown function of the file tinyssh/crypto_sign_ed25519_tinyssh.c of the component Ed25519 Signature Handler. This manipulation causes improper verification of cryptographic signature. The attack is restricted to local execution. The attack's complexity is rated as high. The exploitability is considered difficult. The exploit has been published and may be used. Upgrading to version 20260301 is recommended to address this issue. Patch name: 9c87269607e0d7d20174df742accc49c042cff17. Upgrading the affected component is recommended.
| CWE | CWE-347 CWE-345 |
| Vendor | janmojzis |
| Product | tinyssh |
| Published | Mar 22, 2026 |
| Last Updated | Apr 18, 2026 |
Stay Ahead of the Next One
Get instant alerts for janmojzis tinyssh
Be the first to know when new low vulnerabilities affecting janmojzis tinyssh are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
janmojzis / tinyssh
20250501
References
vuldb.com: https://vuldb.com/vuln/352358 vuldb.com: https://vuldb.com/vuln/352358/cti vuldb.com: https://vuldb.com/submit/774687 github.com: https://github.com/janmojzis/tinyssh/issues/101 github.com: https://github.com/janmojzis/tinyssh/pull/102 github.com: https://github.com/janmojzis/tinyssh/issues/101#issue-3983586116 github.com: https://github.com/janmojzis/tinyssh/commit/9c87269607e0d7d20174df742accc49c042cff17 github.com: https://github.com/janmojzis/tinyssh/releases/tag/20260301 github.com: https://github.com/janmojzis/tinyssh/
Credits
๐ pythok (VulDB User)