Description
A vulnerability was determined in mkj Dropbear up to 2025.89. Impacted is the function unpackneg of the file src/curve25519.c of the component S Range Check. This manipulation causes improper verification of cryptographic signature. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is considered difficult. The actual existence of this vulnerability is currently in question. Patch name: fdec3c90a15447bd538641d85e5a3e3ac981011d. To fix this issue, it is recommended to deploy a patch. The project maintainer explains: "Signature Malleability is not exploitable in SSH protocol. (...) [A] PoC doesn't exist for SSH implementation, but rather it's against the internal API."
Published: 2026-03-08
Score: 6.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Improper cryptographic signature verification in Dropbear 2025.89
Action: Apply patch
AI Analysis

Impact

A flaw in the unpackneg function in src/curve25519.c of Dropbear up to 2025.89 causes the SSH server to accept signatures that should otherwise be rejected. The vulnerability may allow a remote attacker, using a complex and difficult exploitation technique, to trick the server into accepting malformed or malicious data. The project maintainer notes that signature malleability is not directly exploitable in the SSH protocol itself and that a proof‑of‑concept has not been demonstrated against the SSH implementation, only against the internal API.

Affected Systems

Dropbear SSH server (maintained by mkj) with versions 2025.89 and earlier.

Risk and Exploitability

The CVSS score is 6.3, indicating medium severity, while the EPSS score is below 1%, signaling a low probability of real‑world exploitation. The vulnerability is not listed in CISA’s KEV catalog. The flaw can be triggered remotely, but it requires high attacker skill and the current evidence for a working exploit is uncertain. Consequently, the overall risk is moderate but the likelihood of actual compromise is low.

Generated by OpenCVE AI on April 16, 2026 at 10:40 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Dropbear to a version that includes the patch corresponding to commit fdec3c90a15447bd538641d85e5a3e3ac981011d (or any later release that incorporates the fix).
  • If an immediate upgrade is not possible, restrict use of the internal API that invokes the unpackneg function or switch to a different cryptographic path that bypasses the vulnerable code.
  • Stay informed by monitoring the Dropbear project’s security announcements and repositories for any further updates or work‑arounds.

Advisories

No advisories yet.

History

Mon, 16 Mar 2026 14:30:00 +0000

Type Values Removed Values Added
References

Mon, 16 Mar 2026 06:15:00 +0000

Type Values Removed Values Added
Description
  Values Removed: A vulnerability was determined in mkj Dropbear up to 2025.89. Impacted is the function unpackneg of the file src/curve25519.c of the component S Range Check. This manipulation causes improper verification of cryptographic signature. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is considered difficult. The exploit has been publicly disclosed and may be utilized. Patch name: fdec3c90a15447bd538641d85e5a3e3ac981011d. To fix this issue, it is recommended to deploy a patch.
  Values Added: A vulnerability was determined in mkj Dropbear up to 2025.89. Impacted is the function unpackneg of the file src/curve25519.c of the component S Range Check. This manipulation causes improper verification of cryptographic signature. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is considered difficult. The actual existence of this vulnerability is currently in question. Patch name: fdec3c90a15447bd538641d85e5a3e3ac981011d. To fix this issue, it is recommended to deploy a patch. The project maintainer explains: "Signature Malleability is not exploitable in SSH protocol. (...) [A] PoC doesn't exist for SSH implementation, but rather it's against the internal API."
References
Metrics
  Values Removed:
    cvssV2_0 {'score': 2.6, 'vector': 'AV:N/AC:H/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C'}
    cvssV3_0 {'score': 3.7, 'vector': 'CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C'}
    cvssV3_1 {'score': 3.7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C'}
    cvssV4_0 {'score': 6.3, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P'}
  Values Added:
    cvssV2_0 {'score': 2.6, 'vector': 'AV:N/AC:H/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C'}
    cvssV3_0 {'score': 3.7, 'vector': 'CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C'}
    cvssV3_1 {'score': 3.7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C'}
    cvssV4_0 {'score': 6.3, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U'}


Tue, 10 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics
  Values Added:
    ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 09 Mar 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared
  Values Added: Mkj; Mkj dropbear
Vendors & Products
  Values Added: Mkj; Mkj dropbear

Sun, 08 Mar 2026 05:15:00 +0000

Type Values Removed Values Added
Description
  Values Added: A vulnerability was determined in mkj Dropbear up to 2025.89. Impacted is the function unpackneg of the file src/curve25519.c of the component S Range Check. This manipulation causes improper verification of cryptographic signature. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is considered difficult. The exploit has been publicly disclosed and may be utilized. Patch name: fdec3c90a15447bd538641d85e5a3e3ac981011d. To fix this issue, it is recommended to deploy a patch.
Title
  Values Added: mkj Dropbear S Range Check curve25519.c unpackneg signature verification
Weaknesses
  Values Added: CWE-345; CWE-347
References
Metrics
  Values Added:
    cvssV2_0 {'score': 2.6, 'vector': 'AV:N/AC:H/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C'}
    cvssV3_0 {'score': 3.7, 'vector': 'CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C'}
    cvssV3_1 {'score': 3.7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C'}
    cvssV4_0 {'score': 6.3, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-22T18:54:11.224Z

Reserved: 2026-03-07T09:05:33.842Z

Link: CVE-2026-3706

Vulnrichment

Updated: 2026-03-10T14:06:32.527Z

NVD

Status: Deferred

Published: 2026-03-08T05:16:31.847

Modified: 2026-04-22T21:27:27.950

Link: CVE-2026-3706

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T10:45:26Z

Weaknesses