Out-of-bounds write in libssh2 - CVE-2026-55200
Published: July 1, 2026
libssh2
Detailed vulnerability description
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input within the ssh2_transport_read() function. A remote attacker can send specially crafted SSH packets with overly long packet_length values, trigger an out-of-bounds write and execute arbitrary code on the target system.