Description
A flaw was found in libssh where it can attempt to open arbitrary files during configuration parsing. A local attacker can exploit this by providing a malicious configuration file or when the system is misconfigured. This vulnerability could lead to a Denial of Service (DoS) by causing the system to try and access dangerous files, such as block devices or large system files, which can disrupt normal operations.
Published: 2026-03-26
Score: 3.3 Low
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

A flaw in libssh allows it to attempt opening arbitrary files while parsing configuration, which can cause the system to access dangerous files such as block devices or large system files. This results in a denial of service, disrupting normal operations without compromising confidentiality or integrity. The weakness is classified as CWE-73 (External Control of File Name or Path): a file path taken from untrusted input without sanitization.

Affected Systems

Red Hat Enterprise Linux 6 through 10, Red Hat Hardened Images, and Red Hat OpenShift Container Platform 4 all use libssh and are affected. The vulnerability affects systems that rely on libssh for configuration processing, regardless of the specific libssh version bundled with these distributions.

Risk and Exploitability

The CVSS score of 3.3 indicates low to moderate risk, and the EPSS score of less than 1% suggests a very low probability of exploitation at this time. The vulnerability is not listed in the CISA KEV catalog. Exploitation likely requires a local or privileged attacker to supply a malicious configuration file or otherwise misconfigure the system. While the impact is limited to service disruption, it can be significant in environments that rely on continuous availability.

Generated by OpenCVE AI on April 15, 2026 at 15:37 UTC.

Remediation

Vendor Workaround

Ensure the client and server are using only regular files as configuration.


OpenCVE Recommended Actions

  • Update libssh to a version that includes the fix or apply the vendor-supplied patch if available.
  • Ensure that both client and server use only regular files for configuration, following the provided workaround to prevent arbitrary file access.
  • Restrict write permissions on libssh configuration files so that local or unprivileged users cannot create or modify them.
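As an added defensive check (written for this page, not part of the advisory or of libssh itself), the following Python script applies the vendor workaround and the recommended actions above: it verifies that each candidate configuration path is a regular file of bounded size, refusing device nodes, FIFOs, sockets and symlinks that resolve to any of them. The default client paths /etc/ssh/ssh_config and ~/.ssh/config and the 1 MiB size bound are assumptions, and the sample files it builds are constructed for the demonstration.

```python
import os
import stat
import tempfile

# Constructed size bound for this example; libssh publishes no such limit.
MAX_CONFIG_BYTES = 1024 * 1024

def check_config_path(path, max_bytes=MAX_CONFIG_BYTES):
    """Return (ok, reason): may this path be handed to a config parser?"""
    try:
        st = os.lstat(path)  # lstat so a symlink is inspected, not followed
    except FileNotFoundError:
        return True, "absent: nothing to parse"
    except OSError as exc:
        return False, f"lstat failed: {exc.strerror}"
    if stat.S_ISLNK(st.st_mode):
        try:
            st = os.stat(path)  # resolve the link; raises if it dangles
        except OSError:
            return False, "dangling symlink"
    mode = st.st_mode
    if stat.S_ISBLK(mode) or stat.S_ISCHR(mode):
        return False, "device node"
    if stat.S_ISFIFO(mode) or stat.S_ISSOCK(mode):
        return False, "fifo/socket (open or read could block)"
    if not stat.S_ISREG(mode):
        return False, "not a regular file"
    if st.st_size > max_bytes:
        return False, f"{st.st_size} bytes exceeds {max_bytes}"
    return True, "regular file"

def build_samples():
    """Constructed sample files in a temp dir: one acceptable, three not."""
    d = tempfile.mkdtemp(prefix="libssh-cfg-")
    paths = {k: os.path.join(d, k) for k in ("regular", "huge", "fifo", "link")}
    with open(paths["regular"], "w") as f:
        f.write("Host example\n    Port 22\n")
    with open(paths["huge"], "wb") as f:
        f.truncate(MAX_CONFIG_BYTES + 1)  # sparse: large st_size, no disk cost
    os.mkfifo(paths["fifo"])
    os.symlink(paths["fifo"], paths["link"])  # a link to a fifo must fail too
    return paths

if __name__ == "__main__":
    # Assumed default libssh client config locations; adjust to your deployment.
    candidates = ["/etc/ssh/ssh_config", os.path.expanduser("~/.ssh/config")]
    for p in candidates + list(build_samples().values()):
        ok, why = check_config_path(p)
        print("OK " if ok else "BAD", p, "-", why)
```

Run it as a pre-flight step before starting a service that loads a libssh configuration, or fold check_config_path into a deployment health check.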



Advisories

Source: Ubuntu USN
ID: USN-8051-2
Title: libssh vulnerabilities
History

Thu, 09 Apr 2026 18:15:00 +0000

First Time appeared: added "Redhat hummingbird"
CPEs: added cpe:/a:redhat:hummingbird:1
Vendors & Products: added "Redhat hummingbird"

Thu, 02 Apr 2026 20:30:00 +0000

CPEs: added
  cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

Mon, 30 Mar 2026 12:15:00 +0000

Metrics: added ssvc
  {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 26 Mar 2026 20:30:00 +0000

Description:
  removed "No description is available for this CVE."
  added "A flaw was found in libssh where it can attempt to open arbitrary files during configuration parsing. A local attacker can exploit this by providing a malicious configuration file or when the system is misconfigured. This vulnerability could lead to a Denial of Service (DoS) by causing the system to try and access dangerous files, such as block devices or large system files, which can disrupt normal operations."
Title:
  removed "libssh: libssh: Denial of Service via improper configuration file handling"
  added "Libssh: libssh: denial of service via improper configuration file handling"
First Time appeared: added
  Redhat
  Redhat enterprise Linux
  Redhat openshift
CPEs: added
  cpe:/a:redhat:openshift:4
  cpe:/o:redhat:enterprise_linux:10
  cpe:/o:redhat:enterprise_linux:6
  cpe:/o:redhat:enterprise_linux:7
  cpe:/o:redhat:enterprise_linux:8
  cpe:/o:redhat:enterprise_linux:9
Vendors & Products: added
  Redhat
  Redhat enterprise Linux
  Redhat openshift
References:

Mon, 16 Feb 2026 12:15:00 +0000

First Time appeared: added
  Libssh
  Libssh libssh
Vendors & Products: added
  Libssh
  Libssh libssh

Wed, 11 Feb 2026 00:15:00 +0000

Description: added "No description is available for this CVE."
Title: added "libssh: libssh: Denial of Service via improper configuration file handling"
Weaknesses: added CWE-73
References:
Metrics:
  threat_severity: None
  cvssV3_0: {'score': 3.3, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L'}
  threat_severity: Low


MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-04-18T18:13:50.718Z

Reserved: 2026-01-14T21:54:51.315Z

Link: CVE-2026-0965

Vulnrichment

Updated: 2026-03-30T11:31:41.875Z

NVD

Status : Analyzed

Published: 2026-03-26T21:17:00.607

Modified: 2026-04-02T17:33:46.463

Link: CVE-2026-0965

Redhat

Severity : Low

Public Date: 2026-02-10T18:47:22Z

Links: CVE-2026-0965 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-15T16:45:09Z

Weaknesses