Public PoC Released for Critical libssh2 CVE-2026-55200 Client-Side SSH Flaw
Summary
A public proof-of-concept (PoC) has been released for CVE-2026-55200, a critical vulnerability in the libssh2 client-side SSH library. This flaw can lead to memory corruption and potential code execution on a connecting client when interacting with a malicious or compromised SSH server, requiring no credentials or user interaction. The vulnerability affects all releases up to and including version 1.11.1 and has a CVSS 4.0 score of 9.2.
IFF Assessment
The release of a public PoC for a critical vulnerability that allows for remote code execution poses a significant threat to systems relying on the affected library.
Severity
The CVSS score of 9.2 indicates a critical severity, reflecting the attack vector (network), attack complexity (low), privileges required (none), user interaction (none), scope (changed), confidentiality impact (high), integrity impact (high), and availability impact (high).
Defender Context
Defenders need to be aware of this critical vulnerability in libssh2, which is widely used in client-side SSH implementations. The availability of a public PoC significantly lowers the barrier for exploitation, making prompt patching or mitigation essential to prevent potential code execution and data compromise on systems making SSH connections.
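As an added example (not part of the advisory), the following check loads the libssh2 shared library present on a host, asks it for its version with the real `libssh2_version()` call, and compares it with the affected range stated above; it assumes any version newer than 1.11.1 is outside that range, which should be confirmed against the vendor's fix notice.

```python
"""Check a host's libssh2 build against the CVE-2026-55200 affected range (<= 1.11.1)."""
import ctypes
import ctypes.util
import re
from typing import Optional, Tuple

# Last affected release as stated in the advisory. Treating anything newer as
# fixed is an assumption; confirm the fixed version with the vendor notice.
LAST_AFFECTED = (1, 11, 1)


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Extract MAJOR.MINOR.PATCH from strings such as '1.11.1' or '1.11.1_DEV'."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        return None
    major, minor, patch = (int(g) for g in m.groups())
    return (major, minor, patch)


def is_affected(text: str) -> bool:
    """True when the version string falls inside the advisory's affected range."""
    v = parse_version(text)
    if v is None:
        raise ValueError(f"unrecognised libssh2 version string: {text!r}")
    return v <= LAST_AFFECTED


def installed_libssh2_version() -> Optional[str]:
    """Return the version string reported by the system libssh2, or None if absent.

    libssh2_version(required) returns the library's version string, or NULL when
    the library is older than `required`; passing 0 accepts any version.
    """
    name = ctypes.util.find_library("ssh2")
    if name is None:
        return None
    lib = ctypes.CDLL(name)
    lib.libssh2_version.restype = ctypes.c_char_p
    lib.libssh2_version.argtypes = [ctypes.c_int]
    raw = lib.libssh2_version(0)
    return raw.decode() if raw else None


if __name__ == "__main__":
    ver = installed_libssh2_version()
    if ver is None:
        print("libssh2 shared library not found on this host")
    else:
        verdict = "AFFECTED" if is_affected(ver) else "outside the stated affected range"
        print(f"libssh2 {ver}: {verdict}")
```

Statically linked clients embed their own copy of libssh2, so this only covers the shared library; those binaries need to be inventoried separately.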