Out-of-Bounds Read Vulnerability in libssh SFTP Extension Handler
CVE-2026-3731

6.9 MEDIUM

Key Information:

Vendor: libssh

Status
Vendor
CVE Published: 8 March 2026

What is CVE-2026-3731?

A vulnerability has been identified in libssh versions earlier than 0.11.4 and 0.12.0, in the SFTP Extension Name Handler. In the function that handles SFTP extension names, manipulation of the index argument can lead to an out-of-bounds read. The vulnerability can be exploited remotely, potentially allowing unauthorized access to sensitive data. Users are advised to upgrade to the patched versions to mitigate the risk.

Affected Version(s)

libssh 0.11.0

libssh 0.11.1

libssh 0.11.2

CVSS V4

Score: 6.9
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
