Integer Overflow Vulnerability in libssh2 by libssh2
CVE-2026-7598

6.9 MEDIUM

Key Information:

Vendor: libssh2

Status
Vendor
CVE Published: 1 May 2026

What is CVE-2026-7598?

A security vulnerability has been identified in libssh2, affecting versions up to 1.11.1. The flaw is in the userauth_password function in src/userauth.c, where improper handling of the input lengths of usernames and passwords can lead to an integer overflow. The vulnerability can be exploited remotely. Apply the provided patch (commit 256d04b60d80bf1190e96b0ad1e91b2174d744b1) to mitigate it.
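The class of bug described above, shown as an added example that is not libssh2 source code and not the referenced patch: computing the size of an RFC 4252 password authentication request from caller-supplied username and password lengths, first with unchecked 32-bit arithmetic and then with a range check. The function names and sample lengths are hypothetical; the 40-byte fixed overhead follows from the RFC 4252 message layout.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Fixed bytes in an RFC 4252 password request besides the two variable
 * strings: type(1) + user length(4) + service "ssh-connection"(4+14)
 * + method "password"(4+8) + boolean(1) + password length(4) = 40. */
#define FIXED_OVERHEAD 40u

/* Unchecked form (hypothetical, for contrast): the sum is computed in
 * 32 bits and wraps modulo 2^32, so a huge length yields a tiny size
 * that no longer matches the data copied into the buffer afterwards. */
static uint32_t packet_len_unchecked(uint32_t user_len, uint32_t pass_len)
{
    return user_len + pass_len + FIXED_OVERHEAD;
}

/* Checked form: reject any input whose total cannot be represented in
 * the 32-bit SSH length field. Returns 0 and sets *out on success,
 * -1 if the lengths are out of range. */
static int packet_len_checked(size_t user_len, size_t pass_len, uint32_t *out)
{
    const size_t max = UINT32_MAX - FIXED_OVERHEAD;

    /* Compare before adding, so the check itself cannot overflow. */
    if (user_len > max || pass_len > max - user_len)
        return -1;
    *out = (uint32_t)(user_len + pass_len + FIXED_OVERHEAD);
    return 0;
}

int main(void)
{
    uint32_t len = 0;
    /* Constructed lengths: 8-byte username, password length near 2^32. */
    uint32_t user_len = 8, pass_len = UINT32_MAX - 20u;

    printf("unchecked size: %u\n",
           (unsigned)packet_len_unchecked(user_len, pass_len));
    printf("checked result: %d\n",
           packet_len_checked(user_len, pass_len, &len));
    return 0;
}
```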

Affected Version(s)

libssh2 1.11.0

libssh2 1.11.1

CVSS V4

Score: 6.9
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

dapickle (VulDB User)