CVE-2026-10650

A flaw has been found in warmcat libwebsockets up to 4.5.8. This issue affects the function lws ssh parse plaintext of the file plugins/protocol lws ssh base/sshd.c of the component SSH Protocol Handler. Executing a manipulation of the argument msg len can lead to resource consumption. The attack may be launched remotely. The exploit has been published and may be used. This patch is called 3f9f0c6ecaf0e6f3f219d30632c5d1f2479d7498. A patch should be applied to remediate this issue.