Critical libssh2 Vulnerability Allows Attackers to Execute Remote Code Via Malicious SSH packets

A critical security vulnerability has been identified in the widely used libssh2 library, allowing remote attackers to execute arbitrary code through specially crafted SSH packets.

The flaw, tracked as CVE-2026-55200, carries a CVSS score of 9.2 and is classified under CWE-680 (Integer Overflow to Buffer Overflow).

Disclosed on June 17, 2026, the vulnerability affects libssh2 versions 1.11.1 and earlier and was fixed in commit 7acf3df, with an official patch available through the project’s GitHub repository.

libssh2 Vulnerability

The flaw resides in the ssh2_transport_read() function, which fails to validate the packet_length field in incoming SSH packets properly.

Due to missing upper-bound checks, attackers can supply excessively large values for packet_length, triggering an integer overflow that leads to an out-of-bounds heap write.

This memory corruption condition allows attackers to overwrite adjacent memory structures, potentially enabling full remote code execution without authentication.

Because the attack vector is network-based and requires no user interaction, the risk of exploitation is considered high.

Successful exploitation of CVE-2026-55200 can result in remote code execution on affected systems, allowing attackers to take control of vulnerable applications.

According to the VulnCheck advisory, the flaw can cause heap memory corruption, leading to crashes, denial-of-service conditions, and potentially full system compromise on systems using libssh2 for secure communications.

The CVSS v4 vector reflects low attack complexity and high impact across confidentiality, integrity, and availability. Security researcher Tristan Madani responsibly disclosed the vulnerability, enabling a coordinated fix before widespread exploitation. The issue affects all applications and systems using libssh2 versions 1.11.1 and earlier.

Since libssh2 is widely embedded in SSH clients, automation frameworks, and file transfer tools, the exposure extends across enterprise environments, cloud services, and embedded systems.

The issue has been addressed in a patch introduced by commit 97acf3dfda80c91c3a8c9f2372546301d4a1a7a8, which enforces strict validation of packet_length values to prevent integer and buffer overflows.

Organizations are strongly encouraged to upgrade libssh2 to a patched version as soon as possible.

In addition, security teams should review systems for statically linked or bundled versions of libssh2, monitor SSH traffic for anomalies such as unusually large packet sizes, and implement network-level controls if immediate patching is not feasible.

Follow us on Google News, LinkedIn, and X to Get More Instant Updates.

The post Critical libssh2 Vulnerability Allows Attackers to Execute Remote Code Via Malicious SSH packets appeared first on Cyber Security News.