216.73.217.47

CVE-2026-3706

· Published 08/03/2026 05:16 · Modified 09/03/2026 13:35

Labels: CVE-2026-3706 2026-03-08CVE-2026-3706CWE-345[email protected]

Essential information

Published
08/03/2026 05:16
Modified
09/03/2026 13:35
Author
Creator
CVSS
6.3 MEDIUM (v3) 6.3 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

A vulnerability was determined in mkj Dropbear up to 2025.89. Impacted is the function unpackneg of the file src/curve25519.c of the component S Range Check. This manipulation causes improper verification of cryptographic signature. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is considered difficult. The exploit has been publicly disclosed and may be utilized. Patch name: fdec3c90a15447bd538641d85e5a3e3ac981011d. To fix this issue, it is recommended to deploy a patch.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
mkj / dropbear cpe:2.3:a:mkj:dropbear:*:*:*:*:*:*:*:*

References