PT-2026-48545 · Eugeny · Russh
Published 2026-06-10 · Updated 2026-06-10
CVE-2026-48107 · CVSS v3.1 6.5 (Medium)
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Russh is a Rust SSH client and server library. From version 0.37.0 up to (but not including) version 0.61.0, in the russh client's keyboard-interactive authentication path, a malicious SSH server could send a USERAUTH_INFO_REQUEST with an attacker-controlled prompt count, and the client would use that raw count directly in Vec::with_capacity(...) before validating that enough prompt data was actually present in the packet. This issue has been patched in version 0.61.0.
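The defensive pattern the fix calls for, as an added example that is not russh's code or its actual patch: a minimal parser for the keyboard-interactive info-request body (field layout assumed from RFC 4256) that bounds the peer-supplied prompt count by the bytes actually present before sizing any allocation, and bounds-checks every string read. The Reader type and the builder used for test input are assumptions of this example.

```rust
// Added example, not russh's code: parse a keyboard-interactive USERAUTH_INFO_REQUEST
// body (field layout assumed from RFC 4256) without trusting the peer's prompt count.
#[derive(Debug, PartialEq)]
pub struct Prompt { pub text: String, pub echo: bool }
struct Reader<'a> { buf: &'a [u8], pos: usize }
impl<'a> Reader<'a> {
    fn remaining(&self) -> usize { self.buf.len() - self.pos }
    fn read_u32(&mut self) -> Option<u32> {
        let b = self.buf.get(self.pos..self.pos + 4)?;
        self.pos += 4;
        Some(u32::from_be_bytes([b[0], b[1], b[2], b[3]]))
    }
    fn read_u8(&mut self) -> Option<u8> { let v = *self.buf.get(self.pos)?; self.pos += 1; Some(v) }
    // SSH "string": u32 length then that many bytes; `get` yields None instead of over-reading.
    fn read_string(&mut self) -> Option<&'a [u8]> {
        let len = self.read_u32()? as usize;
        let end = self.pos.checked_add(len)?;
        let s = self.buf.get(self.pos..end)?;
        self.pos = end;
        Some(s)
    }
}
/// Every prompt occupies at least 5 bytes on the wire (u32 length + 1 echo byte), so a
/// count above remaining/5 cannot be backed by data and is rejected before any allocation.
pub fn parse_info_request(body: &[u8]) -> Result<Vec<Prompt>, &'static str> {
    let mut r = Reader { buf: body, pos: 0 };
    for _ in 0..3 { r.read_string().ok_or("truncated header")?; } // name, instruction, language
    let n = r.read_u32().ok_or("truncated prompt count")? as usize;
    if n > r.remaining() / 5 { return Err("prompt count exceeds packet length"); }
    let mut prompts = Vec::with_capacity(n); // bounded by the packet size, not by the peer
    for _ in 0..n {
        let text = r.read_string().ok_or("truncated prompt")?;
        let echo = r.read_u8().ok_or("truncated echo flag")? != 0;
        prompts.push(Prompt { text: String::from_utf8_lossy(text).into_owned(), echo });
    }
    Ok(prompts)
}
/// Builds a constructed message with empty name/instruction/language fields (test input).
pub fn build_info_request(prompts: &[(&str, bool)]) -> Vec<u8> {
    let mut out = Vec::new();
    for _ in 0..3 { out.extend_from_slice(&0u32.to_be_bytes()); }
    out.extend_from_slice(&(prompts.len() as u32).to_be_bytes());
    for (t, e) in prompts {
        out.extend_from_slice(&(t.len() as u32).to_be_bytes());
        out.extend_from_slice(t.as_bytes());
        out.push(*e as u8);
    }
    out
}
```

The count field sits at bytes 12..16 of a message built this way, so overwriting it with a huge value reproduces the malicious-server case and the parser refuses it without allocating.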
Affected Products
Russh