Description
A security vulnerability has been detected in libssh2 up to 1.11.1. The impacted element is the function userauth_password of the file src/userauth.c. Manipulation of the arguments username_len/password_len leads to an integer overflow. The attack may be launched remotely. The name of the patch is 256d04b60d80bf1190e96b0ad1e91b2174d744b1. A patch should be applied to remediate this issue.
Published: 2026-05-01
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in libssh2’s userauth_password routine can cause an integer overflow when the username or password length values are processed. The wrapped length can lead to corruption of internal buffers, which could let an attacker disrupt the authentication logic or set up further exploitation. The vulnerability is limited to the authentication phase and does not directly grant code execution, but it can be a stepping stone to more severe outcomes.
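The length-arithmetic pattern behind this class of bug, shown as an added illustration that is not libssh2's code: a request size is built from a fixed overhead plus the two lengths named in the advisory, first as an unchecked 32-bit sum that can wrap, then with an explicit headroom check before each addition. The overhead constant and the packet cap are constructed for the example, not taken from the library.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed for this example: the fixed bytes of a userauth request
 * (message id, length prefixes, service/method names, a flag byte).
 * Not taken from libssh2's source. */
#define USERAUTH_PW_OVERHEAD 40u
/* Constructed cap: no legitimate userauth request is near this size. */
#define MAX_USERAUTH_PACKET (1u << 20)

/* Bug pattern from the advisory: an unchecked 32-bit sum of the two
 * caller-controlled lengths. Large values wrap to a small result, so a
 * buffer sized from it is too small for the data later copied into it. */
uint32_t pw_packet_len_unchecked(uint32_t username_len, uint32_t password_len)
{
    return (uint32_t)(USERAUTH_PW_OVERHEAD + username_len + password_len);
}

/* Hardened form: test each addition against the remaining headroom
 * before performing it, then apply a protocol-level size cap.
 * Returns 0 and sets *out on success, -1 if the request is rejected. */
int pw_packet_len_checked(uint32_t username_len, uint32_t password_len,
                          uint32_t *out)
{
    uint32_t total = USERAUTH_PW_OVERHEAD;
    if (username_len > UINT32_MAX - total)
        return -1;
    total += username_len;
    if (password_len > UINT32_MAX - total)
        return -1;
    total += password_len;
    if (total > MAX_USERAUTH_PACKET)
        return -1;
    *out = total;
    return 0;
}

int main(void)
{
    /* Chosen so that overhead + huge wraps to exactly 0 in 32 bits. */
    uint32_t huge = UINT32_MAX - USERAUTH_PW_OVERHEAD + 1;
    uint32_t len = 0;
    printf("unchecked: %u\n", pw_packet_len_unchecked(huge, 5));      /* 5 */
    printf("checked:   %d\n", pw_packet_len_checked(huge, 5, &len));  /* -1 */
    return 0;
}
```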

Affected Systems

The libssh2 library, versions up to 1.11.1, is affected. Applications or services that embed this library for SSH client or server functionality could be vulnerable.

Risk and Exploitability

The CVSS score of 6.9 indicates moderate severity for this issue. The EPSS score is not available, and the vulnerability is not listed in CISA KEV, which suggests there is no documented exploitation at this time. The description states that the attack may be launched remotely; from this it is inferred that a remote attacker could trigger the overflow by sending crafted authentication requests to an SSH service built on the vulnerable libssh2 version.

Generated by OpenCVE AI on May 1, 2026 at 22:46 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade libssh2 to a version newer than 1.11.1 or apply the patch commit 256d04b60d80bf1190e96b0ad1e91b2174d744b1.
  • If an immediate library update is not feasible, disable password-based authentication in SSH configurations until the vulnerability is fixed.
  • Verify that any dependent applications or libraries using libssh2 are also updated or patched to eliminate the risk.

Generated by OpenCVE AI on May 1, 2026 at 22:46 UTC.

Advisories

No advisories yet.

History

Fri, 01 May 2026 21:45:00 +0000

Type / Values Removed / Values Added (the Values Removed column is empty for this entry)

  • Description: A security vulnerability has been detected in libssh2 up to 1.11.1. The impacted element is the function userauth_password of the file src/userauth.c. Such manipulation of the argument username_len/password_len leads to integer overflow. The attack may be launched remotely. The name of the patch is 256d04b60d80bf1190e96b0ad1e91b2174d744b1. A patch should be applied to remediate this issue.
  • Title: libssh2 userauth.c userauth_password integer overflow
  • First Time appeared: Libssh2; Libssh2 libssh2
  • Weaknesses: CWE-189; CWE-190
  • CPEs: cpe:2.3:a:libssh2:libssh2:*:*:*:*:*:*:*:*
  • Vendors & Products: Libssh2; Libssh2 libssh2
  • References: (none)
  • Metrics:
      cvssV2_0: {'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:ND/RL:OF/RC:C'}
      cvssV3_0: {'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C'}
      cvssV3_1: {'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C'}
      cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-01T21:30:11.006Z

Reserved: 2026-05-01T10:45:11.583Z

Link: CVE-2026-7598

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-01T22:16:16.947

Modified: 2026-05-01T22:16:16.947

Link: CVE-2026-7598

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-01T23:30:06Z

Weaknesses