Security: CVE-2026-55200 - libssh2 memory corruption (CVSS 9.2, no fix release yet) #243

Description

@muhamedfazalps

Vulnerability: CVE-2026-55200 (CVSS 9.2) - libssh2 integer overflow to heap buffer overflow in ssh2_transport_read()

Affected: libssh2 <= 1.11.1 (all current releases)

Impact: A malicious SSH server can trigger memory corruption on a connecting client, leading to potential code execution. No credentials or user interaction required.

Details:

Recommendation:

References:


Discovered during security research. Hope this helps! https://buymeacoffee.com/muhamedfazalps
