CVE-2026-3706

low-risk

Published 2026-03-08

A vulnerability was determined in mkj Dropbear up to 2025.89. Impacted is the function unpackneg of the file src/curve25519.c of the component S Range Check. This manipulation causes improper verification of cryptographic signature. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is considered difficult. The actual existence of this vulnerability is currently in question. Patch name: fdec3c90a15447bd538641d85e5a3e3ac981011d. To fix this issue, it is recommended to deploy a patch. The project maintainer explains: "Signature Malleability is not exploitable in SSH protocol. (...) [A] PoC doesn't exist for SSH implementation, but rather it's against the internal API."

Do I need to act?

0.01% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 3.7/10 Low

NETWORK / HIGH complexity

References (8)

https://github.com/mkj/dropbear/

https://github.com/mkj/dropbear/commit/fdec3c90a15447bd538641d85e5a3e3ac981011d

https://github.com/mkj/dropbear/issues/406

https://github.com/mkj/dropbear/pull/407

https://github.com/str4d/ed25519-java/issues/82#issue-727629226

https://vuldb.com/?ctiid.349652

https://vuldb.com/?id.349652

https://vuldb.com/?submit.765933

/ 100

low-risk

Severity 13/34 · Low

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal