CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

NCSC-2026-0210 [1.01] [M/H] Vulnerabilities fixed in libssh2 by libssh

unknownCVE-2026-55199CVE-2026-55200
libssh has fixed vulnerabilities in libssh2 up to version 1.11.1. The first vulnerability concerns a pre-authentication denial of service in the SSH_MSG_EXT_INFO handler. A malicious SSH server can send a specially crafted extension_count value, causing the client to enter a CPU exhaustion loop and disrupting the processing of SSH messages. The second vulnerability is in the ssh2_transport_read() function, where improper bounds checking on the packet_length variable leads to an out-of-bounds write. This can be exploited by an attacker to cause a Denial-of-Service with specially crafted SSH packets, or theoretically to execute arbitrary code on the affected system, if no additional measures such as Address Space Layout Randomization (ALSR) are taken. However, this is not a common setting on systems. Both vulnerabilities are present in all implementations using libssh2 version 1.11.1 or lower. Update: Public PoC code has emerged confirming that the vulnerability can lead to arbitrary code execution under specific conditions.

CSIRTS triage

What
Vulnerabilities can lead to denial of service and potential arbitrary code execution.
Who is affected
Users of libssh2 version 1.11.1 or lower.
Urgency
Remediation is urgent due to the critical nature of the vulnerabilities.
Action
Upgrade to a version of libssh2 higher than 1.11.1.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch libssh2

Get an email when a new libssh2 advisory drops — max one per day, one-click unsubscribe.

Details

Source
NCSC-NL Advisories (NL · national-cert · site)
Severity
unknown
Published
2026-06-24
Exploitation
Not in CISA KEV at last sync
Language
Machine-translated to English — verify against the original

Original advisory: https://advisories.ncsc.nl/advisory?id=NCSC-2026-0210

Exploitation outlook

EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.

Referenced CVEs

CVECSIRTS overviewExternal
CVE-2026-55199coverage & exploitation statusNVD · CVE.org
CVE-2026-55200coverage & exploitation statusNVD · CVE.org

Same CVEs, other sources

How other CERTs, PSIRTs and databases cover the vulnerabilities in this advisory.

More from NCSC-NL Advisories