CVE-2026-4541

Source
https://cve.org/CVERecord?id=CVE-2026-4541
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-4541.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-4541
Downstream
Published
2026-03-22T08:35:03.623Z
Modified
2026-07-08T08:13:37.969439784Z
Severity
  • 1.1 (Low) CVSS_V4 - CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
janmojzis tinyssh Ed25519 Signature crypto_sign_ed25519_tinyssh.c signature verification
Details

A flaw has been found in janmojzis tinyssh up to 20250501. Impacted is an unknown function of the file tinyssh/cryptosigned25519_tinyssh.c of the component Ed25519 Signature Handler. This manipulation causes improper verification of cryptographic signature. The attack is restricted to local execution. The attack's complexity is rated as high. The exploitability is considered difficult. The exploit has been published and may be used. Upgrading to version 20260301 is recommended to address this issue. Patch name: 9c87269607e0d7d20174df742accc49c042cff17. Upgrading the affected component is recommended.

Database specific
{
    "cna_assigner": "VulDB",
    "cwe_ids": [
        "CWE-345",
        "CWE-347"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/4xxx/CVE-2026-4541.json"
}
References

Affected packages

Git / github.com/janmojzis/tinyssh

Affected ranges

Type
GIT
Repo
https://github.com/janmojzis/tinyssh
Events
Database specific
{
    "source": [
        "AFFECTED_FIELD",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "20250501"
        },
        {
            "last_affected": "20250501"
        }
    ]
}

Affected versions

Other
20250501

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-4541.json"