PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-55200 libssh2 CVE debrief

A critical vulnerability, CVE-2026-55200, has been identified in libssh2, a popular SSH library. This out-of-bounds write vulnerability, with a CVSS score of 9.2, occurs in the `ssh2_transport_read()` function, which fails to enforce upper bounds on the `packet_length` field. Remote attackers can exploit this vulnerability by sending crafted SSH packets with excessively large `packet_length` values, potentially leading to heap memory corruption and remote code execution. The vulnerability was fixed in commit `7acf3df`. Organizations using libssh2 should prioritize patching to prevent potential attacks.

Vendor
libssh2
Product
Unknown
CVSS
CRITICAL 9.2
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-17
Original CVE updated
2026-06-22
Advisory published
2026-06-17
Advisory updated
2026-06-22

Who should care

Developers and administrators using libssh2 in their applications or infrastructure should be aware of this critical vulnerability. This includes anyone who uses SSH for secure communication, as an attacker could exploit this vulnerability to gain unauthorized access or execute malicious code remotely.

Technical summary

The vulnerability is located in the `ssh2_transport_read()` function of libssh2, where it fails to properly validate the `packet_length` field of incoming SSH packets. This allows an attacker to send a packet with a large `packet_length` value, causing an out-of-bounds write that can corrupt heap memory. Successful exploitation could lead to remote code execution. The issue was addressed with a fix in commit `97acf3dfda80c91c3a8c9f2372546301d4a1a7a8`.

Defensive priority

High

Recommended defensive actions

  • Apply the patch from commit `97acf3dfda80c91c3a8c9f2372546301d4a1a7a8` or update to a version of libssh2 that includes this fix.
  • Review and restrict SSH access to only trusted sources.
  • Implement additional monitoring to detect suspicious SSH traffic.
  • Consider using secure SSH configurations and keys.
  • Regularly update and patch libssh2 and dependent applications.
  • Use network segmentation to limit the impact of a potential breach.

Evidence notes

The information provided is based on data from the National Vulnerability Database (NVD) and Vulncheck. The CVE record and NVD detail pages offer comprehensive information about the vulnerability, including its CVSS score, weaknesses, and references to patches and advisories.

Official resources

public