Out-of-Bounds Write Vulnerability in libssh2 Affects Remote Code Execution
CVE-2026-55200

9.2CRITICAL

Key Information:

Vendor: Libssh2
Status: Libssh2
Vendor: CVE Published:; 17 June 2026

What is CVE-2026-55200?

libssh2 contains an out-of-bounds write vulnerability in the ssh2_transport_read() function that fails to impose proper limits on the packet_length field. This flaw allows remote attackers to exploit the vulnerability by sending specially crafted SSH packets with excessively large packet_length values, potentially leading to heap memory corruption and enabling remote code execution.

Affected Version(s)

libssh2 0 <= 1.11.1

libssh2 7acf3dfda80c91c3a8c9f2372546301d4a1a7a8

References

https://github.com/libssh2/libssh2/pull/2052

issue-tracking

https://github.com/libssh2/libssh2/commit/97acf3dfda80c91...

patch

https://www.vulncheck.com/advisories/libssh2-out-of-bound...

third-party-advisory

CVSS V4

Score:

9.2

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 17, 2026
Vulnerability Reserved
Jun 16, 2026

Credit

Tristan Madani (@TristanInSec)

CVE-2026-55200 Data

JSON

Libssh2

What is CVE-2026-55200?

Affected Version(s)

References

CVSS V4

Timeline

Credit