Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-zdq3-uku1-c7du
SummaryA flaw has been found in janmojzis tinyssh up to 20250501. Impacted is an unknown function of the file tinyssh/crypto_sign_ed25519_tinyssh.c of the component Ed25519 Signature Handler. This manipulation causes improper verification of cryptographic signature. The attack is restricted to local execution. The attack's complexity is rated as high. The exploitability is considered difficult. The exploit has been published and may be used. Upgrading to version 20260301 is recommended to address this issue. Patch name: 9c87269607e0d7d20174df742accc49c042cff17. Upgrading the affected component is recommended. If you want to get best quality of vulnerability data, you may have to visit VulDB.
Aliases
0
alias CVE-2026-4541
Fixed_packages
0
url pkg:deb/debian/tinyssh@0?distro=trixie
purl pkg:deb/debian/tinyssh@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tinyssh@0%3Fdistro=trixie
1
url pkg:deb/debian/tinyssh@20190101-1%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/tinyssh@20190101-1%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jzn6-bzzf-nugp
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tinyssh@20190101-1%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/tinyssh@20230101-1?distro=trixie
purl pkg:deb/debian/tinyssh@20230101-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jzn6-bzzf-nugp
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tinyssh@20230101-1%3Fdistro=trixie
3
url pkg:deb/debian/tinyssh@20260301-1?distro=trixie
purl pkg:deb/debian/tinyssh@20260301-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tinyssh@20260301-1%3Fdistro=trixie
4
url pkg:deb/debian/tinyssh@20260401-1?distro=trixie
purl pkg:deb/debian/tinyssh@20260401-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tinyssh@20260401-1%3Fdistro=trixie
5
url pkg:deb/debian/tinyssh@20260401-1
purl pkg:deb/debian/tinyssh@20260401-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tinyssh@20260401-1
Affected_packages
0
url pkg:deb/debian/tinyssh@20250501-1?distro=trixie
purl pkg:deb/debian/tinyssh@20250501-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-zdq3-uku1-c7du
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tinyssh@20250501-1%3Fdistro=trixie
1
url pkg:deb/debian/tinyssh@20250501-1
purl pkg:deb/debian/tinyssh@20250501-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-zdq3-uku1-c7du
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tinyssh@20250501-1
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-4541
reference_id
reference_type
scores
0
value 2e-05
scoring_system epss
scoring_elements 0.00033
published_at 2026-04-21T12:55:00Z
1
value 3e-05
scoring_system epss
scoring_elements 0.0009
published_at 2026-04-18T12:55:00Z
2
value 3e-05
scoring_system epss
scoring_elements 0.00093
published_at 2026-04-13T12:55:00Z
3
value 3e-05
scoring_system epss
scoring_elements 0.00091
published_at 2026-04-08T12:55:00Z
4
value 3e-05
scoring_system epss
scoring_elements 0.00092
published_at 2026-04-09T12:55:00Z
5
value 3e-05
scoring_system epss
scoring_elements 0.00094
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-4541
1
reference_url https://github.com/janmojzis/tinyssh/issues/101
reference_id 101
reference_type
scores
0
value 1
scoring_system cvssv2
scoring_elements AV:L/AC:H/Au:S/C:N/I:P/A:N/E:POC/RL:OF/RC:C
1
value 2.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
2
value 2.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
3
value 2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-23T15:33:32Z/
url https://github.com/janmojzis/tinyssh/issues/101
2
reference_url https://github.com/janmojzis/tinyssh/issues/101#issue-3983586116
reference_id 101#issue-3983586116
reference_type
scores
0
value 1
scoring_system cvssv2
scoring_elements AV:L/AC:H/Au:S/C:N/I:P/A:N/E:POC/RL:OF/RC:C
1
value 2.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
2
value 2.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
3
value 2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-23T15:33:32Z/
url https://github.com/janmojzis/tinyssh/issues/101#issue-3983586116
3
reference_url https://github.com/janmojzis/tinyssh/pull/102
reference_id 102
reference_type
scores
0
value 1
scoring_system cvssv2
scoring_elements AV:L/AC:H/Au:S/C:N/I:P/A:N/E:POC/RL:OF/RC:C
1
value 2.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
2
value 2.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
3
value 2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-23T15:33:32Z/
url https://github.com/janmojzis/tinyssh/pull/102
4
reference_url https://github.com/janmojzis/tinyssh/releases/tag/20260301
reference_id 20260301
reference_type
scores
0
value 1
scoring_system cvssv2
scoring_elements AV:L/AC:H/Au:S/C:N/I:P/A:N/E:POC/RL:OF/RC:C
1
value 2.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
2
value 2.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
3
value 2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-23T15:33:32Z/
url https://github.com/janmojzis/tinyssh/releases/tag/20260301
5
reference_url https://vuldb.com/vuln/352358
reference_id 352358
reference_type
scores
0
value 1
scoring_system cvssv2
scoring_elements AV:L/AC:H/Au:S/C:N/I:P/A:N/E:POC/RL:OF/RC:C
1
value 2.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
2
value 2.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
3
value 2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-23T15:33:32Z/
url https://vuldb.com/vuln/352358
6
reference_url https://vuldb.com/submit/774687
reference_id 774687
reference_type
scores
0
value 1
scoring_system cvssv2
scoring_elements AV:L/AC:H/Au:S/C:N/I:P/A:N/E:POC/RL:OF/RC:C
1
value 2.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
2
value 2.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
3
value 2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-23T15:33:32Z/
url https://vuldb.com/submit/774687
7
reference_url https://github.com/janmojzis/tinyssh/commit/9c87269607e0d7d20174df742accc49c042cff17
reference_id 9c87269607e0d7d20174df742accc49c042cff17
reference_type
scores
0
value 1
scoring_system cvssv2
scoring_elements AV:L/AC:H/Au:S/C:N/I:P/A:N/E:POC/RL:OF/RC:C
1
value 2.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
2
value 2.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
3
value 2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-23T15:33:32Z/
url https://github.com/janmojzis/tinyssh/commit/9c87269607e0d7d20174df742accc49c042cff17
8
reference_url https://vuldb.com/vuln/352358/cti
reference_id cti
reference_type
scores
0
value 1
scoring_system cvssv2
scoring_elements AV:L/AC:H/Au:S/C:N/I:P/A:N/E:POC/RL:OF/RC:C
1
value 2.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
2
value 2.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
3
value 2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-23T15:33:32Z/
url https://vuldb.com/vuln/352358/cti
9
reference_url https://vuldb.com/?ctiid.352358
reference_id ?ctiid.352358
reference_type
scores
0
value 1
scoring_system cvssv2
scoring_elements AV:L/AC:H/Au:S/C:N/I:P/A:N/E:POC/RL:OF/RC:C
1
value 2.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
2
value 2.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
3
value 2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-23T15:33:32Z/
url https://vuldb.com/?ctiid.352358
10
reference_url https://vuldb.com/?id.352358
reference_id ?id.352358
reference_type
scores
0
value 1
scoring_system cvssv2
scoring_elements AV:L/AC:H/Au:S/C:N/I:P/A:N/E:POC/RL:OF/RC:C
1
value 2.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
2
value 2.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
3
value 2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-23T15:33:32Z/
url https://vuldb.com/?id.352358
11
reference_url https://vuldb.com/?submit.774687
reference_id ?submit.774687
reference_type
scores
0
value 1
scoring_system cvssv2
scoring_elements AV:L/AC:H/Au:S/C:N/I:P/A:N/E:POC/RL:OF/RC:C
1
value 2.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
2
value 2.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
3
value 2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-23T15:33:32Z/
url https://vuldb.com/?submit.774687
12
reference_url https://github.com/janmojzis/tinyssh/
reference_id tinyssh
reference_type
scores
0
value 1
scoring_system cvssv2
scoring_elements AV:L/AC:H/Au:S/C:N/I:P/A:N/E:POC/RL:OF/RC:C
1
value 2.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
2
value 2.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
3
value 2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-23T15:33:32Z/
url https://github.com/janmojzis/tinyssh/
Weaknesses
0
cwe_id 345
name Insufficient Verification of Data Authenticity
description The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
1
cwe_id 347
name Improper Verification of Cryptographic Signature
description The product does not verify, or incorrectly verifies, the cryptographic signature for data.
Exploits
Severity_range_score1.0 - 2.5
Exploitability0.5
Weighted_severity2.2
Risk_score1.1
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-zdq3-uku1-c7du