CVE-2026-3706

EUVD-2026-10213

08.03.2026, 05:16

A vulnerability was determined in mkj Dropbear up to 2025.89. Impacted is the function unpackneg of the file src/curve25519.c of the component S Range Check. This manipulation causes improper verification of cryptographic signature. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is considered difficult. The exploit has been publicly disclosed and may be utilized. Patch name: fdec3c90a15447bd538641d85e5a3e3ac981011d. To fix this issue, it is recommended to deploy a patch.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	3.7 LOW	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
VulDB	CNA	3.7 LOW				CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 1%

Common Weakness Enumeration

CWE-345 - Insufficient Verification of Data Authenticity
The software does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

Vulnerability Media Exposure

[GERMAN] Dropbear SSH: Schwachstelle ermöglicht Manipulation von Dateien
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Dropbear SSH ausnutzen, um Dateien zu manipulieren.
Published: 2026-03-08T23:00:00+00:00

References

https://github.com/mkj/dropbear/

https://github.com/mkj/dropbear/commit/fdec3c90a15447bd538641d85e5a3e3ac981011d

https://github.com/mkj/dropbear/issues/406#issue-3978907798

https://github.com/mkj/dropbear/pull/407

https://github.com/str4d/ed25519-java/issues/82#issue-727629226

https://vuldb.com/?ctiid.349652

https://vuldb.com/?id.349652

https://vuldb.com/?submit.765933