CVE-2026-55200

Summary

libssh2 through 1.11.1, fixed in commit 7acf3df contains an out-of-bounds write vulnerability in ssh2_transport_read() that fails to enforce upper bounds on packet_length field. Remote attackers can send crafted SSH packets with excessively large packet_length values to corrupt heap memory and achieve remote code execution.

Affected Software

VendorProductVersion RangeStatus
libssh2libssh20 <= 1.11.1affected
libssh2libssh27acf3dfda80c91c3a8c9f2372546301d4a1a7a8unaffected

Weaknesses

  • CWE-680: Integer Overflow to Buffer Overflow

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

Additional References

References