CVE-2026-55200
libssh2 - Out-of-Bounds Write via Unchecked packet_length in transport.c
Description
libssh2 through 1.11.1 (fixed in commit 7acf3df) contains an out-of-bounds write in ssh2_transport_read() in transport.c, which does not enforce an upper bound on the packet_length field of an incoming SSH packet. A remote attacker on the other end of the connection can send a crafted packet with an excessively large packet_length value to corrupt heap memory and potentially achieve remote code execution.
In plain language
CVE-2026-55200 is a serious libssh2 bug: a remote attacker can crash, or potentially take over, a system by sending it a specially crafted SSH packet. libssh2 is a client library, so the attacker position is the SSH server side of a connection (a malicious or compromised server, or someone able to interpose on the connection). If your software connects to SSH servers you do not fully control using libssh2, you should update.
The flaw is an out-of-bounds write in ssh2_transport_read() caused by unchecked packet_length values, enabling remote memory corruption and potentially arbitrary code execution by a network attacker, without authentication or user interaction. Actual impact depends on whether the vulnerable client code path is reachable in your deployment.
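The mechanism described above, a 32-bit packet_length from the wire used to size or index a buffer without an upper bound, as an added illustration of the bug class. This is not libssh2's code and not the patched code path; it is a minimal reader for the RFC 4253 binary packet header that rejects packet_length before any arithmetic or copy, shown beside the unchecked size computation that wraps. The names (read_packet, unchecked_alloc_size, demo_good, demo_crafted) are this example's own, and the two sample packets are constructed, not captured traffic.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* RFC 4253 section 6.1: every implementation must accept packets whose total
 * length (the 4-byte packet_length field plus packet_length bytes, MAC not
 * counted) is up to 35000 bytes and may reject anything larger. Section 6
 * also requires a minimum total length of 16 and at least 4 bytes of padding.
 * These protocol limits are the upper bound a transport reader must enforce. */
#define SSH_MAX_TOTAL_LEN 35000u
#define SSH_MIN_TOTAL_LEN 16u
#define SSH_MIN_PADDING   4u

enum pkt_result { PKT_OK = 0, PKT_ERR_TRUNCATED = -1, PKT_ERR_LENGTH = -2 };

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* The unchecked pattern behind this bug class: packet_length + 4 computed in
 * 32 bits and then used as an allocation or copy size. For packet_length
 * 0xFFFFFFFF it wraps to 3, so a later copy of "the rest of the packet"
 * overruns the heap allocation. Shown for contrast only; it touches no memory. */
uint32_t unchecked_alloc_size(const uint8_t *hdr)
{
    return be32(hdr) + 4;
}

/* Hardened reader: validate packet_length against the protocol bounds before
 * it is used in any arithmetic, allocation or index. in/in_len is what has
 * arrived from the peer (MAC not modelled); payload/payload_cap is the
 * caller's buffer. Returns PKT_OK and sets *payload_len, or an error code. */
int read_packet(const uint8_t *in, size_t in_len,
                uint8_t *payload, size_t payload_cap, size_t *payload_len)
{
    if (in_len < 5)
        return PKT_ERR_TRUNCATED;             /* need packet_length + padding_length */

    uint32_t packet_length = be32(in);
    if (packet_length < SSH_MIN_TOTAL_LEN - 4 ||
        packet_length > SSH_MAX_TOTAL_LEN - 4)
        return PKT_ERR_LENGTH;                /* reject before any size arithmetic */

    uint8_t padding_length = in[4];
    if (padding_length < SSH_MIN_PADDING ||
        (size_t)padding_length + 1 > packet_length)
        return PKT_ERR_LENGTH;                /* padding must fit inside packet_length */

    size_t total = 4 + (size_t)packet_length; /* cannot overflow: bounded above */
    if (total > in_len)
        return PKT_ERR_TRUNCATED;             /* wait for more bytes, never read past in */

    size_t plen = packet_length - padding_length - 1;
    if (plen > payload_cap)
        return PKT_ERR_LENGTH;                /* the caller's buffer bounds the copy */

    memcpy(payload, in + 5, plen);
    *payload_len = plen;
    return PKT_OK;
}

/* Constructed sample inputs (not captured traffic). */
static const uint8_t SAMPLE_GOOD[16] = {
    0x00, 0x00, 0x00, 0x0c,                   /* packet_length = 12 */
    0x04,                                     /* padding_length = 4 */
    'h', 'e', 'l', 'l', 'o', '!', '!',        /* 7-byte payload */
    0x00, 0x00, 0x00, 0x00                    /* padding (random in real traffic) */
};
static const uint8_t SAMPLE_CRAFTED[16] = {
    0xff, 0xff, 0xff, 0xff,                   /* packet_length = 4294967295 */
    0x04, 'h', 'e', 'l', 'l', 'o', '!', '!', 0x00, 0x00, 0x00, 0x00
};

/* Returns the payload length for the well-formed sample, or the error code. */
int demo_good(void)
{
    uint8_t out[64];
    size_t n = 0;
    int r = read_packet(SAMPLE_GOOD, sizeof SAMPLE_GOOD, out, sizeof out, &n);
    return r == PKT_OK ? (int)n : r;
}

/* Returns the reader's result code for the crafted header. */
int demo_crafted(void)
{
    uint8_t out[64];
    size_t n = 0;
    return read_packet(SAMPLE_CRAFTED, sizeof SAMPLE_CRAFTED, out, sizeof out, &n);
}

int main(void)
{
    printf("good packet: payload bytes = %d\n", demo_good());
    printf("crafted packet: unchecked size = %u, hardened result = %d\n",
           unchecked_alloc_size(SAMPLE_CRAFTED), demo_crafted());
    return 0;
}
```

The check order is the point: the length is compared against the protocol maximum while it is still a raw 32-bit field, and only then converted to a size_t and used. Checking after computing `packet_length + 4` in 32 bits is too late, because the wrapped value passes any "is it small enough" test.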
What to do now
- Check whether your software uses libssh2 and which version is present. Look for libssh2 in your package list, build logs and dependency manifests; note that libssh2 is frequently embedded indirectly (for example through libcurl's SCP/SFTP support or PHP's ssh2 extension) or statically linked into applications, so an installed-package query alone can miss it.
- If the libssh2 version is 1.11.1 or earlier, upgrade to a build that includes the fix commit 7acf3dfda80c91c3a8c9f2372546301d4a1a7a8. Distribution packages may backport the fix without changing the version number, so check your vendor's advisory or changelog rather than relying on the version string alone.
- If you cannot upgrade immediately, limit exposure: make sure affected hosts only connect to SSH servers you trust, and restrict outbound SSH connections from those hosts to the servers they actually need.
CVSS Vector Breakdown
- AV:N Attack Vector: Network
- AC:H Attack Complexity: High
- PR:N Privileges Required: None
- UI:N User Interaction: None
- S:U Scope: Unchanged
- C:H Confidentiality: High
- I:H Integrity: High
- A:H Availability: High
This vector (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) corresponds to a CVSS v3 base score of 8.1 (High).
References
- Security researcher publishes exploits for dozens of 0-day vulnerabilities on Exploitarium (Russian) · Хакер (xakep.ru)
- Weekly Recap: Linux Kernel Flaws, AI Malware Tricks, Turla Backdoor, Infostealers and More · The Hacker News
- Public PoC Released for Critical libssh2 CVE-2026-55200 Client-Side SSH Flaw · The Hacker News
- Critical libssh2 Vulnerability CVE-2026-55200 Enables Remote Code Execution · Daily CyberSecurity (securityonline.info)