CVE-2026-55200
libssh2 through 1.11.1, fixed in commit 7acf3df contains an out-of-bounds write vulnerability in ssh2_transport_read() that fails to enforce
CVSS
8.1
High
EPSS
0.7%
p50
KEV
—
Exploit Today
15
0-100
Published: Jun 17, 2026 · Last modified: Jul 14, 2026 · CWE-680
0.7%EPSS · 30 days0.9%
2026-06-302026-07-17
libssh2 through 1.11.1, fixed in commit 7acf3df contains an out-of-bounds write vulnerability in ssh2_transport_read() that fails to enforce upper bounds on packet_length field. Remote attackers can send crafted SSH packets with excessively large packet_length values to corrupt heap memory and achieve remote code execution.
- github.comhttps://github.com/libssh2/libssh2/commit/97acf3dfda80c91c3a8c9f2372546301d4a1a7a8
- github.comhttps://github.com/libssh2/libssh2/pull/2052
- www.vulncheck.comhttps://www.vulncheck.com/advisories/libssh2-out-of-bounds-write-via-unchecked-packet-length-in-transport-c
- web.archive.orghttps://web.archive.org/web/20260623211210/https://github.com/bikini/exploitarium/tree/main/libssh2-cve-2026-55200-poc
No related CVEs by CWE or product.