PT-2026-23915 · Dropbear · Dropbear
Pythok · Published 2026-03-08 · Updated 2026-03-08 · CVE-2026-3706
CVSS v3.1: 3.7 (Low)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Dropbear versions up to 2025.89
Description
A flaw in mkj Dropbear results in improper verification of cryptographic signatures. The issue is in the unpackneg function in src/curve25519.c, specifically in the S Range Check component. The attack can be initiated remotely and is considered to have high complexity, with difficult exploitability. The exploit has been publicly disclosed. The issue undermines the integrity and auditing of Ed25519 signatures, allowing crafted signatures to be accepted.
Recommendations
Deploy the patch fdec3c90a15447bd538641d85e5a3e3ac981011d.
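RFC 8032 requires the scalar S in an Ed25519 signature (R || S, 64 bytes) to satisfy 0 <= S < L, where L is the group order; this is the kind of check the description calls the S range check. The code below is an added example, not Dropbear's code and not the contents of the patch. The function names are hypothetical and the sample inputs are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Ed25519 group order L = 2^252 + 27742317777372353535851937790883648493, little-endian (RFC 8032). */
static const uint8_t ED25519_L[32] = {
    0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58,
    0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10
};

/* Return 1 if the little-endian scalar s satisfies s < L, else 0.
 * Computes s - L byte by byte with no early exit; a final borrow means s < L. */
int ed25519_s_in_range(const uint8_t s[32])
{
    unsigned int borrow = 0;
    for (size_t i = 0; i < 32; i++) {
        unsigned int d = (unsigned int)s[i] - ED25519_L[i] - borrow;
        borrow = (d >> 8) & 1u;   /* 1 when the subtraction wrapped below zero */
    }
    return (int)borrow;
}

/* Gate to run before point arithmetic: length must be 64 and S (bytes 32..63) must be < L. */
int ed25519_sig_s_ok(const uint8_t *sig, size_t len)
{
    return len == 64 && ed25519_s_in_range(sig + 32);
}

/* Constructed sample inputs (not real signatures): R is all zero, only S varies. */
int check_sample(int kind)
{
    uint8_t sig[64] = {0};                                        /* kind 0: S = 0     */
    if (kind == 1 || kind == 2) memcpy(sig + 32, ED25519_L, 32);  /* kind 2: S = L     */
    if (kind == 1) sig[32]--;                                     /* kind 1: S = L - 1 */
    if (kind == 3) memset(sig + 32, 0xff, 32);                    /* kind 3: S = 2^256 - 1 */
    return ed25519_sig_s_ok(sig, sizeof sig);
}

int main(void)
{
    for (int k = 0; k < 4; k++)
        printf("sample %d: %s\n", k, check_sample(k) ? "S in range" : "rejected");
    return 0;
}
```

A signature that passes this gate still has to pass the full verification equation; the gate only rejects non-canonical S values.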
Exploit
Fix
Insufficient Verification of Data Authenticity
Improper Verification of Cryptographic Signature
Related Identifiers
Affected Products
Dropbear