Description
A flaw was found in libssh. A remote attacker, by controlling client configuration files or known_hosts files, could craft specific hostnames that when processed by the `match_pattern()` function can lead to inefficient regular expression backtracking. This can cause timeouts and resource exhaustion, resulting in a Denial of Service (DoS) for the client.
Published: 2026-03-26
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Immediate Patch
AI Analysis

Impact

A flaw in libssh allows a remote attacker, by controlling client configuration files or known_hosts files, to craft hostnames that trigger inefficient regular expression backtracking within the match_pattern() function. This backtracking can consume excessive processor time and memory, ultimately causing the client to time out or become unresponsive, which manifests as a denial of service for anyone using that client.
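Added example, not libssh's code and not taken from this advisory: a minimal C hostname glob matcher in the OpenSSH-style `*`/`?` syntax that libssh's match_pattern() is documented to accept, written two ways. glob_recursive() has the naive shape that exhibits CWE-1333: every `*` retries each remaining suffix of the hostname, so a pattern with many wildcards that never matches costs exponential work. glob_linear() is the hardened form that remembers only the most recent `*` as its single backtrack point, bounding the work to len(host) × len(pattern). The function names, the step counter, the STEP_LIMIT budget and the constructed hostname/pattern pair used as a regression input are all assumptions of this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Step budget so the recursive matcher always terminates in this demo. */
#define STEP_LIMIT 1000000UL

/* Naive recursive glob matcher with '*' and '?' (assumed structure for
   illustration; not libssh's match_pattern()). Every '*' retries each
   remaining suffix of s, so a pattern with many wildcards that never
   matches can cost an exponential number of steps. */
static bool glob_recursive(const char *s, const char *p, unsigned long *steps)
{
    for (;;) {
        if (++*steps > STEP_LIMIT)
            return false;               /* budget exhausted, give up */
        if (*p == '\0')
            return *s == '\0';
        if (*p == '*') {
            while (*p == '*')
                p++;                    /* collapse runs of '*' */
            if (*p == '\0')
                return true;            /* trailing '*' matches the rest */
            for (; *s != '\0'; s++) {   /* try every split point */
                if (glob_recursive(s, p, steps))
                    return true;
                if (*steps > STEP_LIMIT)
                    return false;
            }
            return false;
        }
        if (*s == '\0' || (*p != '?' && *p != *s))
            return false;
        s++;
        p++;
    }
}

/* Hardened matcher: keeps only the most recent '*' as a backtrack point,
   so the worst case is O(len(s) * len(p)) for any input. */
static bool glob_linear(const char *s, const char *p, unsigned long *steps)
{
    const char *star = NULL;   /* position in p just after the last '*' */
    const char *star_s = NULL; /* position in s where that '*' began */

    while (*s != '\0') {
        ++*steps;
        if (*p == '?' || *p == *s) {
            s++;
            p++;
        } else if (*p == '*') {
            star = ++p;
            star_s = s;
        } else if (star != NULL) {
            p = star;              /* let the last '*' absorb one more char */
            s = ++star_s;
        } else {
            return false;
        }
    }
    while (*p == '*') {            /* trailing '*' matches the empty tail */
        ++*steps;
        p++;
    }
    return *p == '\0';
}

/* Wrappers returning plain values for tests and callers. */
bool match_linear(const char *host, const char *pattern)
{
    unsigned long steps = 0;
    return glob_linear(host, pattern, &steps);
}

unsigned long linear_steps(const char *host, const char *pattern)
{
    unsigned long steps = 0;
    glob_linear(host, pattern, &steps);
    return steps;
}

/* True if the recursive matcher ran out of its step budget. */
bool recursive_exceeds_budget(const char *host, const char *pattern)
{
    unsigned long steps = 0;
    glob_recursive(host, pattern, &steps);
    return steps > STEP_LIMIT;
}

/* Constructed regression input: a long hostname of one repeated character
   and a wildcard-heavy pattern that cannot match it. */
static const char *const BAD_HOST =
    "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
static const char *const BAD_PATTERN = "*a*a*a*a*a*a*a*a*a*a*a*a*a*b";

int main(void)
{
    printf("linear '*.example.com' vs host1.example.com -> %d\n",
           match_linear("host1.example.com", "*.example.com"));
    printf("linear steps on regression input: %lu\n",
           linear_steps(BAD_HOST, BAD_PATTERN));
    printf("recursive exceeded %lu steps: %d\n", STEP_LIMIT,
           recursive_exceeds_budget(BAD_HOST, BAD_PATTERN));
    return 0;
}
```

The step counter is the check worth keeping in a unit test for any matcher that consumes attacker-influenced `Host` or known_hosts patterns: assert a fixed ceiling on steps for the longest hostname the configuration parser accepts, so a regression back to exponential behaviour fails the build rather than hanging a client.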

Affected Systems

The vulnerability impacts Red Hat products including Red Hat Enterprise Linux 6, 7, 8, 9, and 10, Red Hat Hardened Images, and Red Hat OpenShift Container Platform 4, as well as all distributions employing libssh 0.12.0 or 0.11.4. The issue originates in the libssh library shipped by these platforms.

Risk and Exploitability

The CVSS score of 5.5 indicates a medium severity, and the EPSS score of less than 1% shows a very low probability of current exploitation. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires an attacker to supply crafted configuration or known_hosts entries, which can be done remotely if the attacker can influence those files. Once exploited, the attack can lead to client-side resource exhaustion and denial of service without compromising confidentiality or integrity.

Generated by OpenCVE AI on April 15, 2026 at 15:38 UTC.

Remediation

Vendor Workaround

Avoid using complex patterns in configuration files and known_hosts.


OpenCVE Recommended Actions

  • Upgrade libssh to the latest security release (0.12.0 or later).
  • Apply the most recent Red Hat security updates for all affected RHEL and OpenShift platforms.
  • Avoid using complex regular expression patterns in configuration files and known_hosts, as a temporary workaround to reduce backtracking risk.



Advisories

Source      ID          Title
Ubuntu USN  USN-8051-2  libssh vulnerabilities
History

Thu, 09 Apr 2026 18:15:00 +0000

First Time appeared
  Added:   Redhat hummingbird
CPEs
  Added:   cpe:/a:redhat:hummingbird:1
Vendors & Products
  Added:   Redhat hummingbird

Thu, 02 Apr 2026 20:30:00 +0000

CPEs
  Added:   cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*
           cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*
           cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
Metrics
  Added:   cvssV3_1 {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}


Fri, 27 Mar 2026 14:15:00 +0000

Metrics
  Added:   ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 26 Mar 2026 21:30:00 +0000


Thu, 26 Mar 2026 20:30:00 +0000

Description
  Removed: No description is available for this CVE.
  Added:   A flaw was found in libssh. A remote attacker, by controlling client configuration files or known_hosts files, could craft specific hostnames that when processed by the `match_pattern()` function can lead to inefficient regular expression backtracking. This can cause timeouts and resource exhaustion, resulting in a Denial of Service (DoS) for the client.
Title
  Removed: libssh: libssh: Denial of Service via inefficient regular expression processing
  Added:   Libssh: libssh: denial of service via inefficient regular expression processing
First Time appeared
  Added:   Redhat
           Redhat enterprise Linux
           Redhat openshift
Weaknesses
  Added:   CWE-1333
CPEs
  Added:   cpe:/a:redhat:openshift:4
           cpe:/o:redhat:enterprise_linux:10
           cpe:/o:redhat:enterprise_linux:6
           cpe:/o:redhat:enterprise_linux:7
           cpe:/o:redhat:enterprise_linux:8
           cpe:/o:redhat:enterprise_linux:9
Vendors & Products
  Added:   Redhat
           Redhat enterprise Linux
           Redhat openshift
References
  (no values recorded)

Thu, 12 Feb 2026 09:45:00 +0000

First Time appeared
  Added:   Libssh
           Libssh libssh
Vendors & Products
  Added:   Libssh
           Libssh libssh

Wed, 11 Feb 2026 00:15:00 +0000

Description
  Added:   No description is available for this CVE.
Title
  Added:   libssh: libssh: Denial of Service via inefficient regular expression processing
References
  (no values recorded)
Metrics
  Removed: threat_severity None
  Added:   cvssV3_0 {'score': 2.2, 'vector': 'CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L'}
           threat_severity Low


MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-04-18T18:13:52.843Z

Reserved: 2026-01-14T21:55:01.348Z

Link: CVE-2026-0967

Vulnrichment

Updated: 2026-03-27T13:36:30.302Z

NVD

Status : Analyzed

Published: 2026-03-26T21:17:00.970

Modified: 2026-04-02T17:28:27.853

Link: CVE-2026-0967

Redhat

Severity : Low

Public Date: 2026-02-10T18:47:09Z

Links: CVE-2026-0967 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-15T16:45:09Z

Weaknesses