CVE-2026-4541

A flaw has been found in janmojzis tinyssh up to 20250501. Impacted is an unknown function of the file tinyssh/cryptosigned25519_tinyssh.c of the component Ed25519 Signature Handler. This manipulation causes improper verification of cryptographic signature. The attack is restricted to local execution. The attack's complexity is rated as high. The exploitability is considered difficult. The exploit has been published and may be used. Upgrading to version 20260301 is recommended to address this issue. Patch name: 9c87269607e0d7d20174df742accc49c042cff17. Upgrading the affected component is recommended. If you want to get best quality of vulnerability data, you may have to visit VulDB.

References

Affected packages

Git / github.com/janmojzis/tinyssh

Affected ranges

Type: GIT
Repo: https://github.com/janmojzis/tinyssh
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

9c87269607e0d7d20174df742accc49c042cff17

Type: GIT
Repo: https://github.com/janmojzis/tinyssh
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

a1eefe365ef71b1aa961c7a5236a85e89196cd33

Affected versions

Other

20150801

20151001

20160201

20160301

20160318

20160720

20160726

20160727

20160809

20160811

20160812

20161001

20161101

20180101

20180110

20180201

20181206

20190101

20210319

20210601

20220101

20220222

20220305

20220311

20220801

20230101

20240101

20241111

20241201

20250126

20250201

20250411

20250501

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-4541.json"