CVE-2026-4541

Published: Mar 22, 2026 Last Modified: Mar 22, 2026
ExploitDB:
Other exploit source:
Google Dorks:
LOW 2,0
Source: [email protected]
Attack Vector: local
Attack Complexity: high
Privileges Required: low
User Interaction: none
Confidentiality: N/A
Integrity: N/A
Availability: N/A
LOW 2,5
Source: [email protected]
Attack Vector: local
Attack Complexity: high
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: low
Availability: none
LOW 1,0
Source: [email protected]
Access Vector: local
Access Complexity: high
Authentication: single
Confidentiality: none
Integrity: partial
Availability: none

Description

AI Translation Available

A flaw has been found in janmojzis tinyssh up to 20250501. Impacted is an unknown function of the file tinyssh/crypto_sign_ed25519_tinyssh.c of the component Ed25519 Signature Handler. This manipulation causes improper verification of cryptographic signature. The attack is restricted to local execution. The attack's complexity is rated as high. The exploitability is considered difficult. The exploit has been published and may be used. Upgrading to version 20260301 is recommended to address this issue. Patch name: 9c87269607e0d7d20174df742accc49c042cff17. Upgrading the affected component is recommended. If you want to get best quality of vulnerability data, you may have to visit VulDB.

345

Insufficient Verification of Data Authenticity

Draft
Abstraction: Class Structure: Simple
Common Consequences
Security Scopes Affected:
Integrity Other
Potential Impacts:
Varies By Context Unexpected State
Applicable Platforms
Technologies: ICS/OT
View CWE Details
347

Improper Verification of Cryptographic Signature

Draft
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Access Control Integrity Confidentiality
Potential Impacts:
Gain Privileges Or Assume Identity Modify Application Data Execute Unauthorized Code Or Commands
Applicable Platforms
All platforms may be affected
View CWE Details
https://github.com/janmojzis/tinyssh/
https://github.com/janmojzis/tinyssh/
https://github.com/janmojzis/tinyssh/commit/9c87269607e0d7d…
https://github.com/janmojzis/tinyssh/commit/9c87269607e0d7d20174df742accc49c042…
https://github.com/janmojzis/tinyssh/issues/101
https://github.com/janmojzis/tinyssh/issues/101
https://github.com/janmojzis/tinyssh/issues/101#issue-39835…
https://github.com/janmojzis/tinyssh/issues/101#issue-3983586116
https://github.com/janmojzis/tinyssh/pull/102
https://github.com/janmojzis/tinyssh/pull/102
https://github.com/janmojzis/tinyssh/releases/tag/20260301
https://github.com/janmojzis/tinyssh/releases/tag/20260301
https://vuldb.com/?ctiid.352358
https://vuldb.com/?ctiid.352358
https://vuldb.com/?id.352358
https://vuldb.com/?id.352358
https://vuldb.com/?submit.774687
https://vuldb.com/?submit.774687