PatchSiren cyber security CVE debrief

CVE-2026-0967 Red Hat CVE debrief

CVE-2026-0967 is a denial-of-service issue in libssh affecting client-side hostname pattern handling. According to the published description, a remote attacker who can influence client configuration files or known_hosts entries may craft hostnames that trigger inefficient regular-expression backtracking in match_pattern(), leading to timeouts and resource exhaustion. NVD lists libssh versions through 0.11.3 as vulnerable and assigns a medium-severity CVSS 3.1 score of 5.5.

Vendor: Red Hat
Product: Unknown
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-03-26
Original CVE updated: 2026-05-19
Advisory published: 2026-03-26
Advisory updated: 2026-05-19

Who should care

Teams that deploy or embed libssh clients should pay attention, especially administrators and developers who manage SSH client configuration files, known_hosts content, or automated tooling that processes untrusted host patterns. Red Hat customers using affected package builds should also review the linked advisories.

Technical summary

The issue is a performance-oriented denial of service rather than a code-execution flaw. NVD maps the weakness to CWE-1333 and reports the vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H. The described trigger is maliciously crafted hostnames processed by libssh's match_pattern() function, where regex backtracking can become inefficient enough to consume time and resources. NVD's vulnerable CPE data includes libssh up to 0.11.3, and it also lists Red Hat Enterprise Linux 9.0 and 10.0 in the vulnerable criteria.

Defensive priority

Medium. The impact is availability-focused and requires user interaction, but it can still disrupt SSH client operations or automation that depends on libssh. Prioritize remediation if your environment processes external or semi-trusted hostnames, known_hosts entries, or configuration content.

Recommended defensive actions

  • Check whether any deployed or embedded libssh builds are at or below version 0.11.3.
  • Review SSH client workflows that read or import hostnames, configuration files, or known_hosts entries from untrusted sources.
  • Apply vendor updates from the linked Red Hat advisories and libssh security release references.
  • If immediate upgrading is not possible, reduce exposure by limiting who can modify client-side SSH configuration artifacts and known_hosts files.
  • Monitor affected clients for unusual hangs, timeouts, or CPU spikes during hostname matching or SSH connection setup.
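The two checks below are an added illustration written for this debrief, not code from the page, from libssh or from Red Hat: a version-string screen for the first bullet (libssh at or below 0.11.3), and a bounded-work matcher for hostname patterns of the kind the technical summary describes. The matcher assumes the ssh_config-style `*` and `?` wildcard syntax; it is a defensive reference implementation that does no recursive backtracking, so hostile pattern or hostname content cannot drive it into the CWE-1333 failure mode.

```python
import re

# NVD lists libssh through 0.11.3 as vulnerable (from the debrief above).
AFFECTED_MAX = (0, 11, 3)


def parse_version(text: str):
    """Pull the upstream x.y.z version out of a string such as
    'libssh-0.10.6-5.el9.x86_64' (a constructed sample) or '0.11.3'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(x) for x in m.groups()) if m else None


def is_affected(text: str) -> bool:
    """First-pass screen only: distribution builds may backport a fix without
    changing the upstream version, so confirm against the vendor advisory."""
    v = parse_version(text)
    return v is not None and v <= AFFECTED_MAX


def match_host_pattern(pattern: str, host: str) -> bool:
    """Glob match with '*' (any run of characters) and '?' (exactly one),
    the assumed ssh_config Host pattern syntax.  Two-pointer algorithm:
    on a mismatch we only rewind to the most recent '*', so total work is
    bounded by len(pattern) * len(host) and there is no recursive
    backtracking for crafted inputs to exploit.  Hostnames are compared
    case-insensitively."""
    pattern, host = pattern.lower(), host.lower()
    p = h = 0
    star = -1  # index in pattern of the last '*' seen
    mark = 0   # host index where that '*' currently stops absorbing
    while h < len(host):
        if p < len(pattern) and pattern[p] == "*":
            star, p, mark = p, p + 1, h
        elif p < len(pattern) and pattern[p] in ("?", host[h]):
            p += 1
            h += 1
        elif star != -1:
            # Mismatch after a '*': let it absorb one more host character.
            mark += 1
            p, h = star + 1, mark
        else:
            return False
    # Any trailing '*' characters may match the empty string.
    while p < len(pattern) and pattern[p] == "*":
        p += 1
    return p == len(pattern)
```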

Evidence notes

This debrief is based only on the supplied CVE record and referenced official links. The source corpus states the issue was published on 2026-03-26 and last modified on 2026-05-19. The NVD metadata identifies the weakness as CWE-1333, provides the CVSS vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H, and lists libssh versions through 0.11.3 as vulnerable. Red Hat advisory and libssh release-note links are included in the source references, but their page contents were not fetched in this corpus.

Official resources

Published: 2026-03-26T21:17:00.970Z; last modified: 2026-05-19T14:16:36.720Z. The published CVE date is used as the disclosure date for this debrief.