Is Jwt Attack affected by CVE-2026-4541?

CVE-2026-4541 is a low-severity vulnerability in janmojzis tinyssh (CVSS 2.5). The limited severity suggests constrained impact, typically requiring specific conditions or local access for exploitation. A patch is available and can be applied during standard maintenance windows.

CVE-2026-4541

EUVD-2026-14291 LOW

2026-03-22 VulDB

2.5

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

Lifecycle Timeline

PoC Detected

Mar 23, 2026 - 14:31 vuln.today

Public exploit code

Analysis Generated

Mar 22, 2026 - 09:00 vuln.today

EUVD ID Assigned

Mar 22, 2026 - 09:00 euvd

EUVD-2026-14291

Patch Released

Mar 22, 2026 - 09:00 nvd

Patch available

CVE Published

Mar 22, 2026 - 08:35 nvd

LOW 2.5

Description

A flaw has been found in janmojzis tinyssh up to 20250501. Impacted is an unknown function of the file tinyssh/crypto_sign_ed25519_tinyssh.c of the component Ed25519 Signature Handler. This manipulation causes improper verification of cryptographic signature. The attack is restricted to local execution. The attack's complexity is rated as high. The exploitability is considered difficult. The exploit has been published and may be used. Upgrading to version 20260301 is recommended to address this issue. Patch name: 9c87269607e0d7d20174df742accc49c042cff17. Upgrading the affected component is recommended. If you want to get best quality of vulnerability data, you may have to visit VulDB.

Analysis

A cryptographic signature verification flaw exists in tinyssh's Ed25519 signature handler (crypto_sign_ed25519_tinyssh.c) that allows improper validation of signatures, potentially enabling an attacker to forge or bypass signature checks. Affected versions of janmojzis tinyssh up to 20250501 are impacted, with the vulnerability requiring local execution and high attack complexity. …

Remediation

During next maintenance window: Apply vendor patches when convenient. Vendor patch is available.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +12

POC: +20

Vendor Status

Debian

tinyssh

Release	Status	Fixed Version	Urgency
bullseye	not-affected	-	-
bookworm	not-affected	-	-
trixie	vulnerable	20250501-1	-
forky, sid	fixed	20260301-1	-
(unstable)	fixed	20260301-1	unimportant

CVE-2026-4541 vulnerability details – vuln.today

Back

CVE-2026-4541

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Vendor Status

Debian

Share

CVE-2026-4541

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Vendor Status

Debian

Share

External POC / Exploit Code