PT-2026-26972 · Tinyssh · Tinyssh

Pythok

·

Publicado

2026-01-01

·

Atualizado

2026-03-23

·

CVE-2026-4541

CVSS v3.1

2.5

Baixa

VetorAV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions janmojzis tinyssh versions up to 20250501
Description A flaw exists in the Ed25519 Signature Handler component of tinyssh, specifically within the tinyssh/crypto sign ed25519 tinyssh.c file. This issue causes improper verification of cryptographic signatures. The attack is limited to local execution and is considered difficult to exploit. The vulnerability resides in an unknown function.
Recommendations Upgrade to version 20260301 to address this issue.

Exploit

Correção

Insufficient Verification of Data Authenticity

Improper Verification of Cryptographic Signature

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-345CWE-347

Identificadores relacionados

CVE-2026-4541

Produtos afetados

Tinyssh