What is CVE-2026-4541?

CVE-2026-4541 is a low-severity vulnerability in Janmojzis Tinyssh, classified under Insufficient Verification of Data Authenticity. CVSS score: 2.5/10. Published 2026-03-22.

How severe is CVE-2026-4541?

Low severity. CVSS v3 base score is 2.5 out of 10.

Vulnerability in Janmojzis Tinyssh

CVE-2026-4541

A flaw has been found in janmojzis tinyssh up to 20250501. Impacted is an unknown function of the file tinyssh/crypto_sign_ed25519_tinyssh.c of the component Ed25519 Signature Handler. This manipulation causes improper verification of cryp…

EPSS: 0.000 (0.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 2.5 (Low). Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N.

Affected products

Janmojzis Tinyssh — versions 20250501, 20260301

Weakness classification (CWE)

References

VDB-352358 | janmojzis tinyssh Ed25519 Signature crypto_sign_ed25519_tinyssh.c signature verification (vdb-entry)
VDB-352358 | CTI Indicators (IOB, IOC, IOA) (signature, permissions-required)
Submit #774687 | GitHub tinyssh 20250501 Cryptographic Issues (third-party-advisory)
cna@vuldb.com (issue-tracking)
cna@vuldb.com (issue-tracking, patch)
cna@vuldb.com (issue-tracking, exploit)
cna@vuldb.com (patch)
cna@vuldb.com (patch)
cna@vuldb.com (product)

Frequently asked questions

What is CVE-2026-4541?: CVE-2026-4541 is a low-severity vulnerability in Janmojzis Tinyssh, classified under Insufficient Verification of Data Authenticity. CVSS score: 2.5/10. Published 2026-03-22.
How severe is CVE-2026-4541?: Low severity. CVSS v3 base score is 2.5 out of 10.