Post by Arctic Wolf
146,683 followers
A suite of severe vulnerabilities has been disclosed in libssh2 (an SSH client library widely embedded in software). • The most critical, CVE-2026-55200 (CVSS 9.2/9.8), is a memory corruption bug in libssh2's ssh2_transport_read() triggered by a malicious SSH server pre-authentication via a crafted packet_length. • This enables heap buffer overflows and potential remote code execution (RCE) with no user interaction or credentials required. Learn more, including our recommendations for remediation, in our latest security bulletin: https://lnkd.in/gqTCGXrT