PT-2026-36550 · Libssh2+2

Dapickle · Published 2026-05-01 · Updated 2026-05-31 · CVE-2026-7598

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

libssh2 versions prior to 1.11.2

Description

An integer overflow exists in the userauth_password() function within the src/userauth.c file. This issue occurs due to the incorrect handling of the username_len and password_len arguments during SSH password authentication. A remote attacker can exploit this flaw to potentially cause a denial of service.

Recommendations

For versions prior to 1.11.2, apply patch 256d04b60d80bf1190e96b0ad1e91b2174d744b1. As a temporary workaround, restrict the use of the userauth_password() function to minimize the risk of exploitation.

Exploit

Fix

Weakness Enumeration: Integer Overflow

Related Identifiers

CVE-2026-7598
ECHO-E686-BEF9-6A8E
OESA-2026-2336
RHSA-2026:16736
RHSA-2026:7021
USN-8309-1

Affected Products

Linuxmint
Ubuntu
Libssh2