CVE-2026-4541

CVSS v3.1

2.5

Low

Vector

AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions janmojzis tinyssh versions up to 20250501

Description A flaw exists in the Ed25519 Signature Handler component of tinyssh, specifically within the tinyssh/crypto sign ed25519 tinyssh.c file. This issue causes improper verification of cryptographic signatures. The attack is limited to local execution and is considered difficult to exploit. The vulnerability resides in an unknown function.

Recommendations Upgrade to version 20260301 to address this issue.

Exploit

Fix

Insufficient Verification of Data Authenticity

Improper Verification of Cryptographic Signature

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-345CWE-347

Related Identifiers

CVE-2026-4541

Affected Products

Tinyssh

CVE-2026-4541

Weakness Enumeration

Related Identifiers

Affected Products

References · 23