CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ◇ Industry News & Leadership Jun 23, 2026

Critical libssh2 Vulnerability Allows Attackers to Execute Remote Code Via Malicious SSH packets

Cybersecurity News Archived Jun 23, 2026 ✓ Full text saved

A critical security vulnerability has been identified in the widely used libssh2 library, allowing remote attackers to execute arbitrary code through specially crafted SSH packets. The flaw, tracked as CVE-2026-55200, carries a CVSS score of 9.2 and is classified under CWE-680 (Integer Overflow to Buffer Overflow). Disclosed on June 17, 2026, the vulnerability affects libssh2 […] The post Critical libssh2 Vulnerability Allows Attackers to Execute Remote Code Via Malicious SSH packets appeared fi

Full text archived locally
✦ AI Summary · Claude Sonnet


    HomeCyber Security News Critical libssh2 Vulnerability Allows Attackers to Execute Remote Code Via Malicious SSH packets By Abinaya June 23, 2026 A critical security vulnerability has been identified in the widely used libssh2 library, allowing remote attackers to execute arbitrary code through specially crafted SSH packets. The flaw, tracked as CVE-2026-55200, carries a CVSS score of 9.2 and is classified under CWE-680 (Integer Overflow to Buffer Overflow). Disclosed on June 17, 2026, the vulnerability affects libssh2 versions 1.11.1 and earlier and was fixed in commit 7acf3df, with an official patch available through the project’s GitHub repository. libssh2 Vulnerability The flaw resides in the ssh2_transport_read() function, which fails to validate the packet_length field in incoming SSH packets properly. Due to missing upper-bound checks, attackers can supply excessively large values for packet_length, triggering an integer overflow that leads to an out-of-bounds heap write. This memory corruption condition allows attackers to overwrite adjacent memory structures, potentially enabling full remote code execution without authentication. Because the attack vector is network-based and requires no user interaction, the risk of exploitation is considered high. Successful exploitation of CVE-2026-55200 can result in remote code execution on affected systems, allowing attackers to take control of vulnerable applications. According to the VulnCheck advisory, the flaw can cause heap memory corruption, leading to crashes, denial-of-service conditions, and potentially full system compromise on systems using libssh2 for secure communications. The CVSS v4 vector reflects low attack complexity and high impact across confidentiality, integrity, and availability. Security researcher Tristan Madani responsibly disclosed the vulnerability, enabling a coordinated fix before widespread exploitation. The issue affects all applications and systems using libssh2 versions 1.11.1 and earlier. Since libssh2 is widely embedded in SSH clients, automation frameworks, and file transfer tools, the exposure extends across enterprise environments, cloud services, and embedded systems. The issue has been addressed in a patch introduced by commit 97acf3dfda80c91c3a8c9f2372546301d4a1a7a8, which enforces strict validation of packet_length values to prevent integer and buffer overflows. Organizations are strongly encouraged to upgrade libssh2 to a patched version as soon as possible. In addition, security teams should review systems for statically linked or bundled versions of libssh2, monitor SSH traffic for anomalies such as unusually large packet sizes, and implement network-level controls if immediate patching is not feasible. Follow us on Google News, LinkedIn, and X to Get More Instant Updates. Tags cyber security cyber security news Copy URL Linkedin Twitter ReddIt Telegram Abinayahttps://cybersecuritynews.com/ Abi is a Security Editor and fellow reporter with Cyber Security News. She is covering various cyber security incidents happening in the Cyber Space. Trending News 27-Year-Old OpenBSD Vulnerability Allows Attackers to Bypass PAP Authentication Entirely Microsoft’s New Option Allows Organizations to Block Copilot Access to Office Files Researcher Earns $148,337 for Google Cloud Production RCE Vulnerability Hackers Compromised 140+ Mastra npm Packages to Deploy Password-Stealing Malware ClickFix Campaign Uses EtherHiding and GULoader to Infect Windows Users via Fake CAPTCHA Latest News Cyber Security News Researcher Earns $148,337 for Google Cloud Production RCE Vulnerability Cyber Security Tata Electronics Data Breach Exposes Confidential Apple and Tesla Documents Cyber Security News New Phishing Attack Abuses Outlook and Microsoft 365 Groups Features to Attack Users Cyber Security News Critical FFmpeg Vulnerability Allows Attackers to Weaponize Media Files Cyber Security Hackers Using FortigateSniffer Tool That Turns Compromised Firewalls Into Password Collectors
    💬 Team Notes
    Article Info
    Source
    Cybersecurity News
    Category
    ◇ Industry News & Leadership
    Published
    Jun 23, 2026
    Archived
    Jun 23, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗