
Jwt Attack CVE-2026-4541

EUVD-2026-14291 | LOW
Improper Verification of Cryptographic Signature (CWE-347)
2026-03-22 VulDB
CVSS 4.0: 1.1

CVSS Vector (NVD)

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: X

Lifecycle Timeline

7 events

Apr 29, 2026 - 01:11 (NVD): CVSS changed, 2.0 (LOW) to 1.1 (LOW)
Apr 18, 2026 - 05:22 (NVD): CVSS changed, 2.5 (LOW) to 2.0 (LOW)
Mar 23, 2026 - 14:31 (vuln.today): PoC detected, public exploit code
Mar 22, 2026 - 09:00 (EUVD): EUVD ID assigned, EUVD-2026-14291
Mar 22, 2026 - 09:00 (vuln.today): Analysis generated
Mar 22, 2026 - 09:00 (NVD): Patch released, patch available
Mar 22, 2026 - 08:35 (NVD): CVE published, LOW 2.5

Description (NVD)

A flaw has been found in janmojzis tinyssh up to 20250501. It affects an unknown function in the file tinyssh/crypto_sign_ed25519_tinyssh.c of the Ed25519 Signature Handler component. The manipulation causes improper verification of a cryptographic signature. The attack is restricted to local execution, its complexity is rated as high, and exploitability is considered difficult. The exploit has been published and may be used. Upgrading to version 20260301 is recommended to address this issue. Patch name: 9c87269607e0d7d20174df742accc49c042cff17.

Analysis (AI)

A cryptographic signature verification flaw exists in tinyssh's Ed25519 signature handler (crypto_sign_ed25519_tinyssh.c) that allows improper validation of signatures, potentially enabling an attacker to forge or bypass signature checks. Affected versions of janmojzis tinyssh up to 20250501 are impacted, with the vulnerability requiring local execution and high attack complexity. …

Remediation (AI)

During next maintenance window: Apply vendor patches when convenient. Vendor patch is available.

Vendor Status

Debian

tinyssh
| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| bullseye | not-affected | - | - |
| bookworm | not-affected | - | - |
| trixie | vulnerable | 20250501-1 | - |
| forky, sid | fixed | 20260301-1 | - |
| (unstable) | fixed | 20260301-1 | unimportant |

CVE-2026-4541 vulnerability details – vuln.today
