Description
A flaw was found in libssh in which a malicious SFTP (SSH File Transfer Protocol) server can exploit this by sending a malformed 'longname' field within an `SSH_FXP_NAME` message during a file listing operation. This missing null check can lead to reading beyond allocated memory on the heap. This can cause unexpected behavior or lead to a denial of service (DoS) due to application crashes.
Published: 2026-03-26
Score: 3.1 Low
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply patch
AI Analysis

Impact

A flaw in libssh allows a malicious SFTP server to send a malformed "longname" field within an SSH_FXP_NAME message during a file listing operation. The missing null check permits a read beyond allocated heap memory, which can cause the client or server application to crash or exhibit unexpected behavior. This results in a denial of service rather than code execution or data breach.

Affected Systems

The vulnerability affects systems that use libssh as provided in Red Hat Enterprise Linux releases 6 through 9, Red Hat Hardened Images, and Red Hat OpenShift Container Platform 4. All versions of libssh bundled with these products are potentially vulnerable; specific libssh version information was not provided in the advisory.

Risk and Exploitability

The CVSS score of 3.1 indicates low to moderate risk, and the EPSS score of <1% shows a very low likelihood of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. Attackers would need remote access to act as an SFTP server capable of sending the crafted message; from that position they could force the victim’s client or server to crash, leading to denial of service. The impact is confined to the affected host or process and does not grant further privileges.

Generated by OpenCVE AI on April 15, 2026 at 15:07 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update libssh to the latest patched version available from Red Hat for all affected RHEL and OpenShift environments.
  • Rebuild or update Red Hat Hardened Images and any container images to use the patched libssh library.
  • If an update cannot be applied immediately, disable or restrict the SFTP protocol on servers that do not require it to mitigate the risk of the malformed message.

Generated by OpenCVE AI on April 15, 2026 at 15:07 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Ubuntu USN Ubuntu USN USN-8051-2 libssh vulnerabilities
History

Mon, 13 Apr 2026 06:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

 cvssV3_1

{'score': 3.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L'}

Thu, 09 Apr 2026 18:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat hummingbird
CPEs cpe:/a:redhat:hummingbird:1
Vendors & Products Redhat hummingbird

Fri, 03 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Sat, 28 Mar 2026 03:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 26 Mar 2026 21:30:00 +0000

Type Values Removed Values Added
References

Thu, 26 Mar 2026 20:30:00 +0000

Type Values Removed Values Added
Description No description is available for this CVE. A flaw was found in libssh in which a malicious SFTP (SSH File Transfer Protocol) server can exploit this by sending a malformed 'longname' field within an `SSH_FXP_NAME` message during a file listing operation. This missing null check can lead to reading beyond allocated memory on the heap. This can cause unexpected behavior or lead to a denial of service (DoS) due to application crashes.
Title libssh: libssh: Denial of Service due to malformed SFTP message Libssh: libssh: denial of service due to malformed sftp message
First Time appeared Redhat
Redhat enterprise Linux
Redhat openshift
CPEs cpe:/a:redhat:openshift:4
cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
Redhat openshift
References

Mon, 16 Feb 2026 12:15:00 +0000

Type Values Removed Values Added
First Time appeared Libssh
Libssh libssh
Vendors & Products Libssh
Libssh libssh

Wed, 11 Feb 2026 00:15:00 +0000

Type Values Removed Values Added
Description No description is available for this CVE.
Title libssh: libssh: Denial of Service due to malformed SFTP message
Weaknesses CWE-476
References
Metrics threat_severity

None

 cvssV3_0

{'score': 3.1, 'vector': 'CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L'}

threat_severity

Low

Subscriptions

Libssh Libssh
Redhat Enterprise Linux Hummingbird Openshift
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-05-01T16:01:05.494Z

Reserved: 2026-01-14T21:55:14.053Z

Link: CVE-2026-0968

cve-icon Vulnrichment

Updated: 2026-03-27T20:21:05.894Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-26T21:17:01.150

Modified: 2026-04-13T20:15:09.527

Link: CVE-2026-0968

cve-icon Redhat

Severity : Low

Publid Date: 2026-02-10T18:46:58Z

Links: CVE-2026-0968 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-15T16:45:09Z

Weaknesses