EUVD-2026-14291
CVSS Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
5Description
A flaw has been found in janmojzis tinyssh up to 20250501. Impacted is an unknown function of the file tinyssh/crypto_sign_ed25519_tinyssh.c of the component Ed25519 Signature Handler. This manipulation causes improper verification of cryptographic signature. The attack is restricted to local execution. The attack's complexity is rated as high. The exploitability is considered difficult. The exploit has been published and may be used. Upgrading to version 20260301 is recommended to address this issue. Patch name: 9c87269607e0d7d20174df742accc49c042cff17. Upgrading the affected component is recommended. If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
A cryptographic signature verification flaw exists in tinyssh's Ed25519 signature handler (crypto_sign_ed25519_tinyssh.c) that allows improper validation of signatures, potentially enabling an attacker to forge or bypass signature checks. Affected versions of janmojzis tinyssh up to 20250501 are impacted, with the vulnerability requiring local execution and high attack complexity. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
During next maintenance window: Apply vendor patches when convenient. Vendor patch is available.
Sign in for detailed remediation steps.
Priority Score
Vendor Status
Debian
| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| bullseye | not-affected | - | - |
| bookworm | not-affected | - | - |
| trixie | vulnerable | 20250501-1 | - |
| forky, sid | fixed | 20260301-1 | - |
| (unstable) | fixed | 20260301-1 | unimportant |
Share
External POC / Exploit Code
Leaving vuln.today