CyberSecurity News

Public PoC Released for Critical libssh2 CVE-2026-55200 Client-Side SSH Flaw

The Hacker News

· June 29, 2026

AI summary

A public proof-of-concept has been released for a critical vulnerability in libssh2, identified as CVE-2026-55200. This flaw allows a malicious SSH server to cause memory corruption on a connecting client, potentially leading to code execution. The vulnerability can be exploited without requiring credentials or user interaction. The bug affects libssh2 releases up to and including version 1.11.1 and has a high CVSS score of 9.2. libssh2 is used as a client-side SSH library, distinguishing it from server-side implementations. The vulnerability's impact is significant due to its potential for code execution.

Vulnerabilities mentioned

CVE-2026-55200

HIGH

CVSS 8.1

libssh2 through 1.11.1, fixed in commit 7acf3df contains an out-of-bounds write vulnerability in ssh2_transport_read() that fails to enforce upper bounds on packet_length field. Remote attackers can send crafted SSH packets with excessively large packet_length values to corrupt heap memory and achieve remote code execution.

Read the full article at The Hacker Newsthehackernews.com/2026/06/public-poc-released-for-critical.html

This is an AI-generated brief aggregated by HackerFeeds for convenience and grounded in the source’s own summary; the related CVE, threat-group and country data is from HackerFeeds’ own indexes. The original article is the authoritative source — all rights belong to The Hacker News.