Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.3
Dropbear SSH Server May Allow Remote Code Execution
UBUNTU-CVE-2026-3706
Summary
A flaw in the Dropbear SSH server could allow an attacker to run unauthorized code on your system if they can connect to your server. This could happen if you're using an outdated version of Dropbear. To stay secure, make sure you have the latest version installed.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| canonical | dropbear | All versions | – |
| canonical | dropbear | All versions | – |
| canonical | dropbear | All versions | – |
| canonical | dropbear | All versions | – |
| canonical | dropbear | All versions | – |
| canonical | dropbear | All versions | – |
Original title
A vulnerability was determined in mkj Dropbear up to 2025.89. Impacted is the function unpackneg of the file src/curve25519.c of the component S Range Check. This manipulation causes improper verif...
Original description
A vulnerability was determined in mkj Dropbear up to 2025.89. Impacted is the function unpackneg of the file src/curve25519.c of the component S Range Check. This manipulation causes improper verification of cryptographic signature. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is considered difficult. The exploit has been publicly disclosed and may be utilized. Patch name: fdec3c90a15447bd538641d85e5a3e3ac981011d. To fix this issue, it is recommended to deploy a patch.
osv CVSS3.1
3.7
osv CVSS4.0
7.3
- https://ubuntu.com/security/CVE-2026-3706 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2026-3706 Third Party Advisory
- https://github.com/mkj/dropbear/issues/406 Third Party Advisory
- https://github.com/mkj/dropbear/pull/407 Third Party Advisory
- https://github.com/mkj/dropbear/ Third Party Advisory
- https://github.com/mkj/dropbear/commit/fdec3c90a15447bd538641d85e5a3e3ac981011d Third Party Advisory
- https://github.com/mkj/dropbear/issues/406#issue-3978907798 Third Party Advisory
- https://github.com/str4d/ed25519-java/issues/82#issue-727629226 Third Party Advisory
- https://vuldb.com/?ctiid.349652 Third Party Advisory
- https://vuldb.com/?id.349652 Third Party Advisory
- https://vuldb.com/?submit.765933 Third Party Advisory
Published: 9 Mar 2026 · Updated: 13 Mar 2026 · First seen: 10 Mar 2026