Out-of-Bounds Write Vulnerability in libssh2 Affects Remote Code Execution
CVE-2026-55200

9.2CRITICAL

Key Information:

Vendor

Libssh2

Status
Vendor
CVE Published:
17 June 2026

Badges

🥇 Trended No. 1📈 Trended📈 Score: 22,100👾 Exploit Exists🟡 Public PoC📰 News Worthy

What is CVE-2026-55200?

CVE-2026-55200 is a severe vulnerability found in libssh2, a widely used library that implements the SSH2 protocol, primarily used for securely connecting to remote servers. The vulnerability stems from an out-of-bounds write error in the ssh2_transport_read() function, which does not adequately enforce upper limits on the packet_length field. This flaw allows remote attackers to send specially crafted SSH packets containing oversized packet_length values, potentially leading to the corruption of heap memory. If successfully exploited, this could enable attackers to execute arbitrary code on the affected systems. Organizations utilizing libssh2 may face significant risks, including compromised system integrity and unauthorized remote access, which could lead to widespread data breaches and further exploitation of network resources.

Potential impact of CVE-2026-55200

  1. Remote Code Execution: The primary impact of CVE-2026-55200 is the ability for attackers to achieve remote code execution. This means that adversaries could gain control of vulnerable systems, allowing them to run malicious code that can compromise sensitive data and system functionality.

  2. System Vulnerability and Exploitation: Due to the nature of the vulnerability, systems using unpatched versions of libssh2 could become attractive targets for threat actors. The potential for exploitation increases the risk of cascading security failures across interconnected systems, making it essential for organizations to prioritize patching.

  3. Increased Attack Surface: Organizations running applications that rely on libssh2 may expose themselves to heightened risks. As attackers look to exploit this vulnerability, there is a greater likelihood of targeted attacks, which could disrupt business operations and lead to reputational damage if systems are breached or unable to function correctly.

Affected Version(s)

libssh2 0 <= 1.11.1

libssh2 7acf3dfda80c91c3a8c9f2372546301d4a1a7a8

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

News Articles

libssh2 CVE-2026-55200 Shows Why Outbound SSH Is an Attack Surface - IT Security News

The critical libssh2 CVE-2026-55200 flaw inverts SSH security: the remote server attacks the connecting client, no credentials needed. A public PoC is out and the official patched release has not shipped. libssh2 CVE-2026-55200 Shows Why Outbound SSH Is an Attack…Read more →

1 week ago

libssh2 CVE-2026-55200 and the Outbound SSH Risk

libssh2 CVE-2026-55200 lets a server attack connecting clients, pre-auth, CVSS 9.8. PoC is public and no release has the fix yet. Here is why this matters.

1 week ago

Public PoC Released for Critical libssh2 CVE-2026-55200 Client-Side SSH Flaw

A public PoC for CVE-2026-55200 exposes a critical libssh2 flaw that can let a malicious SSH server corrupt client memory.

1 week ago

References

CVSS V4

Score:
9.2
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • 📰

    First article discovered by It Security News

  • 🥇

    Vulnerability reached the number 1 worldwide trending spot

  • 📈

    Vulnerability started trending

  • Vulnerability published

  • Vulnerability Reserved

Credit

Tristan Madani (@TristanInSec)
.