CVSS 7.3 · HIGH

CVE-2026-7598

A security vulnerability has been found in libssh2 up to 1.11.1. It affects the function userauth_password in the file src/userauth.c. Manipulating the username_len/password_len arguments leads to an integer overflow. The attack may be launched remotely. The patch is named 256d04b60d80bf1190e96b0ad1e91b2174d744b1 and should be applied to remediate this issue.

View on NVD

Analysis

libssh2 is a critical library for SSH client functionality used by major tools like curl and many backend language bindings. An integer overflow in the authentication logic that is remotely triggerable represents a significant risk to automated infrastructure and developer workflows.

Severity

Score: 7.3 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: LOW
I: LOW
A: LOW
Weakness type (CWE): CWE-189, CWE-190

EPSS

Exploitation probability (next 30 days): 0.0005 (0.0%)
Percentile: 14.1%
EPSS: 2026-05-06

Affects

libssh2:libssh2

Published: 1/5/2026, 22:16:16
Last modified: 7/5/2026, 1:47:08
