CVE-2026-55200 CRITICAL

CVE-2026-55200: libssh2 - Out-of-Bounds Write via Unchecked packet_length in transport.c

Vendor Libssh2
Product libssh2
Weakness CWE-680
Published June 17, 2026
Last update July 1, 2026

CVSS base score

9.2/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

libssh2 through 1.11.1, fixed in commit 7acf3df contains an out-of-bounds write vulnerability in ssh2_transport_read() that fails to enforce upper bounds on packet_length field. Remote attackers can send crafted SSH packets with excessively large packet_length values to corrupt heap memory and achieve remote code execution.

Key dates

02Disclosure timeline

June 17, 2026 CVE published
July 1, 2026 Record updated